[Claudio Ferreira]
> Please find attached a patch that fixes CVE-2025-14569, a use-after-free
> vulnerability in the read_audio_data() function in common-whisper.cpp.

Thank you.

When I passed the patch upstream, I was told that this issue has already
been fixed in commit
cec1dd9d1276a1df679858222f3b1dc0551c5220 from 2026-02-27 when the
miniaudio version was updated from 0.11.22 to 0.11.24 and the issue can
no longer be reproduced, see
<URL: https://github.com/ggml-org/whisper.cpp/issues/3501 >.

This fix is included in version 1.8.4 already uploaded into Debian.

Do you agree with this finding?

-- 
Happy hacking
Petter Reinholdtsen
