Summaryinfo

A vulnerability has been found in tildearrow furnace up to 0.6 and classified as problematic. The affected element is an unknown function in the library ‎extern/libsndfile-modified/src. Performing a manipulation results in out-of-bounds. This vulnerability is reported as CVE-2026-4732. The attack requires a local approach. No exploit exists. The affected component should be upgraded.

Detailsinfo

A vulnerability, which was classified as problematic, was found in tildearrow furnace up to 0.6. This affects an unknown part in the library ‎extern/libsndfile-modified/src. The manipulation with an unknown input leads to a out-of-bounds vulnerability. CWE is classifying the issue as CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

Out-of-bounds Read vulnerability in tildearrow furnace (‎extern/libsndfile-modified/src modules). This vulnerability is associated with program files flac.C‎. This issue affects furnace: before 0.7.

The advisory is shared at github.com. This vulnerability is uniquely identified as CVE-2026-4732 since 03/24/2026. The exploitability is told to be easy. An attack has to be approached locally. Technical details are known, but no exploit is available.

Upgrading to version 0.7 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Vendor

• tildearrow

Name

• furnace

Version

• 0.1
• 0.2
• 0.3
• 0.4
• 0.5
• 0.6

Website

• Product: https://github.com/tildearrow/furnace/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion