Search CVE reports


Toggle filters

1 – 10 of 11 results


CVE-2020-22219

Medium priority
Fixed

Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.

1 affected packages

flac

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
flac Fixed Fixed Fixed Fixed
Show less packages

CVE-2021-0561

Low priority

Some fixes available 5 of 6

In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User...

1 affected packages

flac

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
flac Fixed Fixed Fixed Fixed
Show less packages

CVE-2020-0499

Low priority

Some fixes available 4 of 7

In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User...

1 affected packages

flac

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
flac Not affected Fixed Fixed Fixed
Show less packages

CVE-2017-6888

Low priority

Some fixes available 3 of 30

An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.

6 affected packages

android, chromium-browser, flac, mame, oxide-qt, praat

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
android Not in release Not in release Not in release Not in release Ignored
chromium-browser Not affected Not affected Not affected Not affected Not affected
flac Not affected Not affected Not affected Fixed Fixed
mame Not affected Not affected Not affected Not affected Not affected
oxide-qt Not in release Not in release Not in release Not in release Ignored
praat Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2014-9028

Medium priority

Some fixes available 5 of 7

Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.

2 affected packages

android, flac

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
android
flac
Show less packages

CVE-2014-8962

Medium priority
Fixed

Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.

1 affected packages

flac

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
flac
Show less packages

CVE-2007-6279

Medium priority
Fixed

Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file.

1 affected packages

flac

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
flac
Show less packages

CVE-2007-6278

Low priority
Fixed

Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file.

1 affected packages

flac

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
flac
Show less packages

CVE-2007-6277

Medium priority
Fixed

Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture...

1 affected packages

flac

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
flac
Show less packages

CVE-2007-4619

Medium priority
Fixed

Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that...

2 affected packages

flac, xine-lib

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
flac
xine-lib
Show less packages