-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability description, GitHub issue #832, and the commit message of the fixing commit (05f9978772747cf951a755497b03ebb26909f739) all explicitly name wav_read_header in src/wav.c as the location of the off-by-one error. The issue report provides runtime sanitizer output showing an out-of-bounds access related to 'SF_CUE_POINT' within this function. Although the patch details could not be fetched, the available information is sufficient to identify the vulnerable function with high confidence. The confidence is high due to the direct naming of the function and file in multiple reliable sources related to the vulnerability report and its fix.
Ongoing coverage of React2Shell