CVE-2020-22219 — Classic Buffer Overflow in Project Flac

CWE-120 — Classic Buffer Overflow8 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 44.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Flac Project Flac Debian Flac Msrc Cbl2 Flac 1.4.3-1 ON CBL Mariner 2.0

Timeline

PublishedAug 22

Latest updateSep 22

Description

Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/flac< flac 1.4.1-1 (bookworm)

▶NVDflac_project/flac< 1.4.0

▶Debianflac_project/flac< 1.3.3-2+deb11u2+3

▶msrcmsrc/cbl2_flac_1.4.3-1_on_cbl_mariner_2.0

🔴Vulnerability Details

OSV

CVE-2020-22219: Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1↗2023-08-22

▶

GHSA

GHSA-hvp4-qmrj-gvhf: Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1↗2023-08-22

▶

📋Vendor Advisories

Ubuntu

FLAC vulnerability↗2023-09-22

▶

Ubuntu

FLAC vulnerability↗2023-09-12

▶

Red Hat

flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder↗2023-08-22

▶

Microsoft

Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.↗2023-08-08

▶

Debian

CVE-2020-22219: flac - Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 a...↗2020

▶