This vulnerability is associated with program files flac.C.
This issue affects furnace: before 0.7.
"}],"value":"Out-of-bounds Read vulnerability in tildearrow furnace (extern/libsndfile-modified/src modules). This vulnerability is associated with program files flac.C.\n\nThis issue affects furnace: before 0.7."}],"metrics":[{"cvssV4_0":{"Automatable":"NO","Recovery":"USER","Safety":"NEGLIGIBLE","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":8.4,"baseSeverity":"HIGH","exploitMaturity":"PROOF_OF_CONCEPT","privilegesRequired":"NONE","providerUrgency":"AMBER","subAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","userInteraction":"ACTIVE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/S:N/AU:N/R:U/V:D/RE:L/U:Amber","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"LOW"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-125","description":"CWE-125 Out-of-bounds Read","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-03-24T02:50:36.111Z","orgId":"1a37b84a-8e51-4525-b3d6-87e2fae01dbd","shortName":"GovTech CSG"},"references":[{"tags":["patch"],"url":"https://github.com/tildearrow/furnace/pull/2812"}],"source":{"discovery":"UNKNOWN"},"title":"Out-of-bounds Read Overflow in tildearrow/furnace","x_generator":{"engine":"Vulnogram 0.5.0"}}},"cveMetadata":{"assignerOrgId":"1a37b84a-8e51-4525-b3d6-87e2fae01dbd","assignerShortName":"GovTech CSG","cveId":"CVE-2026-4732","datePublished":"2026-03-24T02:50:36.111Z","dateReserved":"2026-03-24T02:50:04.359Z","dateUpdated":"2026-03-24T18:28:11.937Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-03-24 04:17:25","lastModifiedDate":"2026-04-30 16:01:57","problem_types":["CWE-125","CWE-125 CWE-125 Out-of-bounds Read"],"metrics":{"cvssMetricV40":[{"source":"cve_disclosure@tech.gov.sg","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Amber","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"AMBER"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"4732","Ordinal":"1","Title":"Out-of-bounds Read Overflow in tildearrow/furnace","CVE":"CVE-2026-4732","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"4732","Ordinal":"1","NoteData":"Out-of-bounds Read vulnerability in tildearrow furnace (extern/libsndfile-modified/src modules). This vulnerability is associated with program files flac.C.\n\nThis issue affects furnace: before 0.7.","Type":"Description","Title":"Out-of-bounds Read Overflow in tildearrow/furnace"}]}}}