Medium severity5.5OSV Advisory· Published Jan 20, 2026· Updated Apr 15, 2026

CVE-2025-14369

Description

dr_flac, an audio decoder within the dr_libs toolset, contains an integer overflow vulnerability flaw due to trusting the totalPCMFrameCount field from FLAC metadata before calculating buffer size, allowing an attacker with a specially crafted file to perform DoS against programs using the tool.

Affected products

Mackron/Dr LibsOSV
Range: flac-0.12.43, flac-0.13.0, flac-0.13.1, …

Patches

b2197b2eb7bb

https://github.com/mackron/dr_libsvia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/mackron/dr_libs/commit/b2197b2eb7bb609df76315bebf44db4ec2a1aed0nvd
www.kb.cert.org/vuls/id/924114nvd

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000