CVE-2026-29022 identifies a heap-based buffer overflow vulnerability in the widely used open-source audio library component dr_libs, specifically in the dr_wav.h header file version 0.14.4 and earlier. The vulnerability arises in the drwav__read_smpl_to_metadata_obj() function, which processes sample loop metadata from WAV files. During the first pass, the sampleLoopCount is validated, but in the second pass, the code unconditionally processes sample loops without revalidating the count. This discrepancy allows an attacker to craft a malicious WAV file that causes the function to write 36 bytes of attacker-controlled data beyond the allocated heap buffer, leading to memory corruption. The overflow occurs when any drwav_init_*_with_metadata() function is called with untrusted input. Exploiting this vulnerability requires the victim to open or process a malicious WAV file, implying user interaction and local access. The vulnerability does not require privileges or authentication but does require the vulnerable library to be used in an application that processes WAV files. The CVSS 4.0 vector indicates low attack vector (local), low attack complexity, no privileges required, user interaction required, and high impact on confidentiality and integrity. No public exploits or patches are currently available, but the issue was fixed in a specific commit (8a7258c).

The heap-based buffer overflow can lead to memory corruption, which may be exploited to cause application crashes (denial of service) or potentially arbitrary code execution depending on the environment and exploitation techniques. Since dr_libs dr_wav.h is used in audio processing libraries and multimedia applications, any software that processes WAV files using this library is at risk. This can affect media players, audio editing tools, games, or any embedded systems that rely on dr_libs for WAV file handling. The impact includes potential compromise of system integrity, unauthorized code execution, or service disruption. The requirement for user interaction and local access limits remote exploitation but does not eliminate risk, especially in environments where untrusted audio files are processed automatically or by users. Organizations relying on this library in their software supply chain or products may face reputational damage, operational disruption, or security breaches if exploited.

To mitigate this vulnerability, organizations should immediately update dr_libs dr_wav.h to the fixed version that includes commit 8a7258c or later. If updating is not immediately possible, implement strict input validation and sanitization of WAV files before processing, especially focusing on sample loop metadata fields. Employ runtime protections such as heap memory protection mechanisms (e.g., ASLR, heap canaries) and enable compiler-based security features like stack protection and bounds checking where possible. Restrict the processing of untrusted or user-supplied audio files in sensitive or high-privilege contexts. Conduct thorough code audits of any custom usage of dr_libs to ensure no unsafe assumptions are made about WAV file metadata. Monitor for unusual application crashes or behavior that could indicate exploitation attempts. Finally, maintain an inventory of software components using dr_libs to ensure all affected applications are identified and remediated.