sonoscript is pre-1.0 and released from main. Security fixes are applied to the
latest release only.
| Version | Supported |
|---|---|
| 0.1.x | ✅ |
| < 0.1 | ❌ |
Please report suspected vulnerabilities privately using GitHub's security advisories rather than opening a public issue.
Include a description, reproduction steps and the affected version. I aim to acknowledge reports within a few days and to keep you updated as a fix is prepared.
sonoscript reads and writes WAV files and parses text instruction scripts. The most relevant concerns are parsing untrusted input (malformed WAV headers, large allocations) and handling untrusted script text. Reports in those areas are especially welcome.