rpm package
opensuse/flac&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/flac&distro=openSUSE%20Tumbleweed
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-0561 | — | < 1.3.4-1.1 | 1.3.4-1.1 | Jun 22, 2021 | In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Produc | ||
| CVE-2020-0499 | — | < 1.3.4-1.1 | 1.3.4-1.1 | Dec 15, 2020 | In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: An | ||
| CVE-2017-6888 | — | < 1.3.3-1.9 | 1.3.3-1.9 | Apr 25, 2018 | An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file. | ||
| CVE-2014-9028 | — | < 1.3.1-3.1 | 1.3.1-3.1 | Nov 26, 2014 | Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. | ||
| CVE-2014-8962 | — | < 1.3.1-3.1 | 1.3.1-3.1 | Nov 26, 2014 | Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. |
- CVE-2021-0561Jun 22, 2021affected < 1.3.4-1.1fixed 1.3.4-1.1
In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Produc
- CVE-2020-0499Dec 15, 2020affected < 1.3.4-1.1fixed 1.3.4-1.1
In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: An
- CVE-2017-6888Apr 25, 2018affected < 1.3.3-1.9fixed 1.3.3-1.9
An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.
- CVE-2014-9028Nov 26, 2014affected < 1.3.1-3.1fixed 1.3.1-3.1
Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
- CVE-2014-8962Nov 26, 2014affected < 1.3.1-3.1fixed 1.3.1-3.1
Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.