CVE-2020-0499
published 2020-12-15CVE-2020-0499: In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote…
PriorityP425medium4.3CVSS 3.1
AVNACLPRNUIRSUCNINAL
EPSS
3.96%
89.2th percentile
In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | flac | < flac 1.3.3-2 (bookworm) | flac 1.3.3-2 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| flac_project | flac | >= 0 < 1.3.3-2 | 1.3.3-2 |
| flac_project | flac | >= 0 < 1.3.3-2 | 1.3.3-2 |
| flac_project | flac | >= 0 < 1.3.3-2 | 1.3.3-2 |
| flac_project | flac | >= 0 < 1.3.3-2 | 1.3.3-2 |
| flac_project | flac | >= 0 < 1.3.2-1ubuntu0.1 | 1.3.2-1ubuntu0.1 |
| flac_project | flac | >= 0 < 1.3.3-1ubuntu0.1 | 1.3.3-1ubuntu0.1 |
| flac_project | flac | >= 0 < 1.3.3-2ubuntu0.1 | 1.3.3-2ubuntu0.1 |
| flac_project | flac | >= 0 < 1.3.0-2ubuntu0.14.04.1+esm1 | 1.3.0-2ubuntu0.14.04.1+esm1 |
| flac_project | flac | >= 0 < 1.3.1-4ubuntu0.1~esm1 | 1.3.1-4ubuntu0.1~esm1 |
| android | — | — | |
| android | — | — |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv5.5MEDIUM
vendor_ubuntu5.5MEDIUM
vendor_debian4.3MEDIUM
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
flac vulnerabilities
osv·2022-11-21·CVSS 5.5
CVE-2017-6888 [MEDIUM] flac vulnerabilities
flac vulnerabilities
It was discovered that FLAC was not properly performing memory management
operations, which could result in a memory leak. An attacker could possibly
use this issue to cause FLAC to consume resources, leading to a denial of
service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and
Ubuntu 18.04 LTS. (CVE-2017-6888)
It was discovered that FLAC was not properly performing bounds checking
operations when decoding data. If a user or automated system were tricked
into processing a specially crafted file, an attacker could possibly use
this issue to expose sensitive information or to cause FLAC to crash,
leading to a denial of service. This issue only affected Ubuntu 14.04 ESM,
Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-0499)
It was d
GHSA
GHSA-qp4c-cv95-gwhh: In FLAC__bitreader_read_rice_signed_block of bitreader
ghsa_unreviewed·2022-05-24
CVE-2020-0499 [MEDIUM] CWE-125 GHSA-qp4c-cv95-gwhh: In FLAC__bitreader_read_rice_signed_block of bitreader
In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070
OSV
CVE-2020-0499: In FLAC__bitreader_read_rice_signed_block of bitreader
osv·2020-12-15·CVSS 4.3
CVE-2020-0499 [MEDIUM] CVE-2020-0499: In FLAC__bitreader_read_rice_signed_block of bitreader
In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070
Ubuntu
FLAC vulnerabilities
vendor_ubuntu·2022-11-21·CVSS 5.5
CVE-2017-6888 [MEDIUM] FLAC vulnerabilities
Title: FLAC vulnerabilities
Summary: Several security issues were fixed in FLAC.
It was discovered that FLAC was not properly performing memory management
operations, which could result in a memory leak. An attacker could possibly
use this issue to cause FLAC to consume resources, leading to a denial of
service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and
Ubuntu 18.04 LTS. (CVE-2017-6888)
It was discovered that FLAC was not properly performing bounds checking
operations when decoding data. If a user or automated system were tricked
into processing a specially crafted file, an attacker could possibly use
this issue to expose sensitive information or to cause FLAC to crash,
leading to a denial of service. This issue only affected Ubuntu 14.04 ESM,
Ubuntu 16.04 ESM, Ubu
Red Hat
flac: out-of-bounds read can lead to denial of service
vendor_redhat·2020-12-07·CVSS 4.3
CVE-2020-0499 [MEDIUM] CWE-125 flac: out-of-bounds read can lead to denial of service
flac: out-of-bounds read can lead to denial of service
In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070
Statement: Red Hat Product Security has lowered the severity of this flaw to Low because while the initial report stated a threat of remote information disclosure, it does not appear to be a possibility in flac as shipped with Red Hat Enterprise Linux 8.
Package: flac (Red Hat Enterprise Linux 6) - Out of support scope
Package: flac (Red Hat Enterprise Linux 7) - Out of support scope
Package: flac (Red Hat E
Debian
CVE-2020-0499: flac - In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible ou...
vendor_debian·2020·CVSS 4.3
CVE-2020-0499 [MEDIUM] CVE-2020-0499: flac - In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible ou...
In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070
Scope: local
bookworm: resolved (fixed in 1.3.3-2)
bullseye: resolved (fixed in 1.3.3-2)
forky: resolved (fixed in 1.3.3-2)
sid: resolved (fixed in 1.3.3-2)
trixie: resolved (fixed in 1.3.3-2)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3Ehttps://lists.debian.org/debian-lts-announce/2021/01/msg00001.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33W6XZAAEJYRGU3XYHRO7XSYEA7YACUB/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNZYTAU5UWBVXVJ4VHDWPR66ZVDLQZRE/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPA5GAEKPXKAHGHHBI4X7AFNI4BMOVG3/https://source.android.com/security/bulletin/pixel/2020-12-01https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3Ehttps://lists.debian.org/debian-lts-announce/2021/01/msg00001.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33W6XZAAEJYRGU3XYHRO7XSYEA7YACUB/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNZYTAU5UWBVXVJ4VHDWPR66ZVDLQZRE/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPA5GAEKPXKAHGHHBI4X7AFNI4BMOVG3/https://source.android.com/security/bulletin/pixel/2020-12-01
2020-12-15
Published