CVE-2026-37555

EPSS 0.04% · P13 Updated May 01, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-37555

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path (line 241) was fixed with (sf_count_t) cast, but the WAV code path (line 235) and close path (line 167) were not. When samplesperblock (int) * blocks (int) exceeds INT_MAX, the 32-bit multiplication overflows before being assigned to sf.frames (sf_count_t/int64). With samplesperblock=50000 and blocks=50000, the product 2500000000 overflows to -1794967296. This causes incorrect frame count leading to heap buffer overflow or denial of service. Both values come from the WAV file header and are attacker-controlled. This issue was discovered after an incomplete fix for CVE-2022-33065.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

libsndfile 输入验证错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

libsndfile是libsndfile开源的一款用于读取和写入包含采样音频数据的声音文件的AC库。 libsndfile 1.2.2版本存在输入验证错误漏洞，该漏洞源于IMA ADPCM编解码器中整数溢出，可能导致堆缓冲区溢出或拒绝服务。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2026-37555

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-37555

请登录查看更多情报信息。

Same Patch Batch · n/a · 2026-04-29 · 14 CVEs total

CVE-2026-7389	7.3 HIGH	EyouCMS common.php GetSortData sql injection
CVE-2026-7388	4.7 MEDIUM	EyouCMS Template File FilemanagerLogic.php editFile code injection
CVE-2026-36837		TOTOLINK A3002RU 安全漏洞
CVE-2026-36841		TOTOLINK N200RE 命令注入漏洞
CVE-2026-38992		Cockpit 安全漏洞
CVE-2026-38991		Cockpit 代码问题漏洞
CVE-2026-38993		Cockpit 路径遍历漏洞
CVE-2026-30769		EnTech Taiwan TVicPort 输入验证错误漏洞
CVE-2025-56536		OpenNebula 跨站脚本漏洞
CVE-2025-56534		OpenNebula 跨站脚本漏洞
CVE-2025-56537		OpenNebula 跨站脚本漏洞
CVE-2025-56535		OpenNebula 跨站脚本漏洞
CVE-2025-50328		B1FREE 安全漏洞

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2026-37555

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-37555

I. Basic Information for CVE-2026-37555

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-37555

III. Intelligence Information for CVE-2026-37555

Same Patch Batch · n/a · 2026-04-29 · 14 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-37555

Leave a comment