top of page
perceptive_background_267k.jpg

music-metadata is a metadata parser for audio and video media files. Prior to version 11.12.3, music-metadata's ASF parser (`parseExtensionObject()` in `lib/asf…

Published:

17 maart 2026 om 23:00:00

Alert date:

18 maart 2026 om 17:03:14

Source:

nvd.nist.gov

Click to open the original link from this advisory

Supply Chain & Dependencies

CVE-2026-32256 affects the music-metadata library, a parser for audio and video media files. The vulnerability exists in the ASF parser's parseExtensionObject() function in lib/asf/AsfParser.ts at lines 112-158. When a sub-object inside the ASF Header Extension Object has objectSize = 0, the parser enters an infinite loop causing a denial of service condition. This could allow attackers to craft malicious ASF files that cause applications using the library to hang indefinitely. The issue was fixed in version 11.12.3 of the music-metadata library.

Technical details

Mitigation steps:

Affected products:

music-metadata

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-32256
https://github.com/Borewit/music-metadata/releases/tag/v11.12.3
https://github.com/Borewit/music-metadata/security/advisories/GHSA-v6c2-xwv6-8xf7

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page