CVE-2020-0499: Out-of-bounds Read in Flac

CWE-125: Out-of-bounds Read | 7 documents | 6 sources

Severity
4.3 MEDIUM (NVD)
5.5 (OSV)

EPSS
5.5% (top 9.78%)

CISA KEV
Not in KEV

Exploit
No known exploits

Timeline
Published: Dec 15
Latest update: Nov 21

Description

In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-156076070.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L (Exploitability: 2.8 | Impact: 1.4)

Affected Packages (5 packages)

Source     | Package            | Affected versions
CVEListV5  | google/android     | Android-11
NVD        | google/android     | 11.0
debian     | debian/flac        | < flac 1.3.3-2 (bookworm)
Debian     | flac_project/flac  | < 1.3.3-2+3
Ubuntu     | flac_project/flac  | < 1.3.2-1ubuntu0.1+4

Also affects: Debian Linux 9.0, Fedora 32, 33

Vulnerability Details (3)

OSV: flac vulnerabilities (2022-11-21)
GHSA: GHSA-qp4c-cv95-gwhh: In FLAC__bitreader_read_rice_signed_block of bitreader (2022-05-24)
OSV: CVE-2020-0499: In FLAC__bitreader_read_rice_signed_block of bitreader (2020-12-15)

Vendor Advisories (3)

Ubuntu: FLAC vulnerabilities (2022-11-21)
Red Hat: flac: out-of-bounds read can lead to denial of service (2020-12-07)
Debian: CVE-2020-0499: flac - In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible ou... (2020)