CVE-2021-0561
published 2021-06-22

Priority: P4, 25, medium; CVSS 3.1: 5.5
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.46% (36.8th percentile)

In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android-11
Android ID: A-174302683

Affected

17 ranges
Vendor | Product | Version range | Fixed in
debian | debian_linux | - | -
debian | debian_linux | - | -
debian | flac | < flac 1.3.4-1 (bookworm) | flac 1.3.4-1 (bookworm)
fedoraproject | fedora | - | -
fedoraproject | fedora | - | -
flac_project | flac | >= 0 < 1.3.3-2+deb11u1 | 1.3.3-2+deb11u1
flac_project | flac | >= 0 < 1.3.4-1 | 1.3.4-1
flac_project | flac | >= 0 < 1.3.4-1 | 1.3.4-1
flac_project | flac | >= 0 < 1.3.4-1 | 1.3.4-1
flac_project | flac | >= 0 < 1.3.2-1ubuntu0.1 | 1.3.2-1ubuntu0.1
flac_project | flac | >= 0 < 1.3.3-1ubuntu0.1 | 1.3.3-1ubuntu0.1
flac_project | flac | >= 0 < 1.3.3-2ubuntu0.1 | 1.3.3-2ubuntu0.1
flac_project | flac | >= 0 < 1.3.0-2ubuntu0.14.04.1+esm1 | 1.3.0-2ubuntu0.14.04.1+esm1
flac_project | flac | >= 0 < 1.3.1-4ubuntu0.1~esm1 | 1.3.1-4ubuntu0.1~esm1
google | android | - | -
google | android | - | -
platform | external_flac | >= 11:0 < 11:2021-06-01 | 11:2021-06-01

CVSS provenance

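Source | Version | Score | Severity | Vector
nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N
osv | - | 5.5 | MEDIUM | -
vendor_debian | - | 5.5 | MEDIUM | -
vendor_redhat | - | 5.5 | MEDIUM | -
vendor_ubuntu | - | 5.5 | MEDIUM | -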