{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3393", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-28T17:07:38.378Z", "datePublished": "2026-03-01T12:02:09.072Z", "dateUpdated": "2026-03-02T18:15:50.546Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-01T12:02:09.072Z"}, "title": "jarikomppa soloud Audio File soloud_wav.cpp loadflac heap-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-122", "lang": "en", "description": "Heap-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "jarikomppa", "product": "soloud", "versions": [{"version": "20200207", "status": "affected"}], "modules": ["Audio File Handler"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in jarikomppa soloud up to 20200207. The impacted element is the function SoLoud::Wav::loadflac of the file src/audiosource/wav/soloud_wav.cpp of the component Audio File Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-02-28T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-28T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-28T18:12:46.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Oneafter (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.348279", "name": "VDB-348279 | jarikomppa soloud Audio File soloud_wav.cpp loadflac heap-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.348279", "name": "VDB-348279 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.761338", "name": "Submit #761338 | jarikomppa soloud master-branch Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/jarikomppa/soloud/issues/401", "tags": ["issue-tracking"]}, {"url": "https://github.com/oneafter/0209/blob/main/so1/repro", "tags": ["exploit"]}, {"url": "https://github.com/jarikomppa/soloud/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-02T18:12:57.094459Z", "id": "CVE-2026-3393", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T18:15:50.546Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3393", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-02T18:12:57.094459Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T18:14:12.829Z"}}], "cna": {"title": "jarikomppa soloud Audio File soloud_wav.cpp loadflac heap-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "Oneafter (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "jarikomppa", "modules": ["Audio File Handler"], "product": "soloud", "versions": [{"status": "affected", "version": "20200207"}]}], "timeline": [{"lang": "en", "time": "2026-02-28T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-28T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-28T18:12:46.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.348279", "name": "VDB-348279 | jarikomppa soloud Audio File soloud_wav.cpp loadflac heap-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.348279", "name": "VDB-348279 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.761338", "name": "Submit #761338 | jarikomppa soloud master-branch Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/jarikomppa/soloud/issues/401", "tags": ["issue-tracking"]}, {"url": "https://github.com/oneafter/0209/blob/main/so1/repro", "tags": ["exploit"]}, {"url": "https://github.com/jarikomppa/soloud/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in jarikomppa soloud up to 20200207. The impacted element is the function SoLoud::Wav::loadflac of the file src/audiosource/wav/soloud_wav.cpp of the component Audio File Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "Heap-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-01T12:02:09.072Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3393", "state": "PUBLISHED", "dateUpdated": "2026-03-02T18:15:50.546Z", "dateReserved": "2026-02-28T17:07:38.378Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-01T12:02:09.072Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:solhsa:soloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "AAD2C956-F3C3-4AF4-A1F1-921FC03BF929", "versionEndIncluding": "2020-02-07", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in jarikomppa soloud up to 20200207. The impacted element is the function SoLoud::Wav::loadflac of the file src/audiosource/wav/soloud_wav.cpp of the component Audio File Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad de seguridad en jarikomppa soloud hasta 20200207, la cual afeacta a la funci\u00f3n SoLoud::Wav::loadflac del archivo src/audiosource/wav/soloud_wav.cpp del componente Gestor de Archivos de Audio. Su manipulaci\u00f3n provoca un desbordamiento de b\u00fafer basado en mont\u00edculo. El ataque debe llevarse a cabo localmente. El exploit ha sido divulgado p\u00fablicamente y puede ser utilizado. Se inform\u00f3 pronto del problema al proyecto, a trav\u00e9s de un informe de incidencias, pero a\u00fan no ha respondido."}], "id": "CVE-2026-3393", "lastModified": "2026-03-13T14:23:55.590", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-03-01T13:16:14.610", "references": [{"source": "[email protected]", "tags": ["Product"], "url": "https://github.com/jarikomppa/soloud/"}, {"source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://github.com/jarikomppa/soloud/issues/401"}, {"source": "[email protected]", "tags": ["Exploit"], "url": "https://github.com/oneafter/0209/blob/main/so1/repro"}, {"source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.348279"}, {"source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.348279"}, {"source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.761338"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-122"}], "source": "[email protected]", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "20200207"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "soloud", "source": "cna", "vendor": "jarikomppa"}, "product": "soloud", "vendor": "jarikomppa"}], "created": "2026-03-02T12:04:01.783425+00:00", "updated": "2026-03-02T12:04:01.783501+00:00", "vendors": ["jarikomppa", "jarikomppa$PRODUCT$soloud"]}