CVE-2021-0561
Published 2021-06-22
CVE-2021-0561: In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local…
Priority: P4 · 25 · medium · 5.5 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.46% (36.8th percentile)
In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174302683
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | flac | < flac 1.3.4-1 (bookworm) | flac 1.3.4-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| flac_project | flac | >= 0 < 1.3.3-2+deb11u1 | 1.3.3-2+deb11u1 |
| flac_project | flac | >= 0 < 1.3.4-1 | 1.3.4-1 |
| flac_project | flac | >= 0 < 1.3.4-1 | 1.3.4-1 |
| flac_project | flac | >= 0 < 1.3.4-1 | 1.3.4-1 |
| flac_project | flac | >= 0 < 1.3.2-1ubuntu0.1 | 1.3.2-1ubuntu0.1 |
| flac_project | flac | >= 0 < 1.3.3-1ubuntu0.1 | 1.3.3-1ubuntu0.1 |
| flac_project | flac | >= 0 < 1.3.3-2ubuntu0.1 | 1.3.3-2ubuntu0.1 |
| flac_project | flac | >= 0 < 1.3.0-2ubuntu0.14.04.1+esm1 | 1.3.0-2ubuntu0.14.04.1+esm1 |
| flac_project | flac | >= 0 < 1.3.1-4ubuntu0.1~esm1 | 1.3.1-4ubuntu0.1~esm1 |
| android | — | — | |
| android | — | — | |
| platform | external_flac | >= 11:0 < 11:2021-06-01 | 11:2021-06-01 |
CVSS provenance
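| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
| osv | — | 5.5 | MEDIUM | — |
| vendor_debian | — | 5.5 | MEDIUM | — |
| vendor_redhat | — | 5.5 | MEDIUM | — |
| vendor_ubuntu | — | 5.5 | MEDIUM | — |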
Ubuntu
FLAC vulnerabilities
vendor_ubuntu·2022-11-21·CVSS 5.5
CVE-2017-6888 [MEDIUM] FLAC vulnerabilities
Title: FLAC vulnerabilities
Summary: Several security issues were fixed in FLAC.
It was discovered that FLAC was not properly performing memory management
operations, which could result in a memory leak. An attacker could possibly
use this issue to cause FLAC to consume resources, leading to a denial of
service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and
Ubuntu 18.04 LTS. (CVE-2017-6888)
It was discovered that FLAC was not properly performing bounds checking
operations when decoding data. If a user or automated system were tricked
into processing a specially crafted file, an attacker could possibly use
this issue to expose sensitive information or to cause FLAC to crash,
leading to a denial of service. This issue only affected Ubuntu 14.04 ESM,
Ubuntu 16.04 ESM, Ubu
Red Hat
flac: out of bound write in append_to_verify_fifo_interleaved_ of stream_encoder.c
vendor_redhat·2022-02-23·CVSS 5.5
CVE-2021-0561 [MEDIUM] CWE-787 flac: out of bound write in append_to_verify_fifo_interleaved_ of stream_encoder.c
flac: out of bound write in append_to_verify_fifo_interleaved_ of stream_encoder.c
In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174302683
An out-of-bounds write vulnerability was found in libFLAC. The vulnerability occurs due to a missing bounds check. This flaw allows a local attacker without additional execution privileges to cause local information disclosure.
Statement: Red Hat Enterprise Linux 6, 7, 8, and 9 are affected because the code-base is affected by this vulnerability.
Red Hat Product Security has ra
Debian
CVE-2021-0561: flac - In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible o...
vendor_debian·2021·CVSS 5.5
CVE-2021-0561 [MEDIUM] CVE-2021-0561: flac - In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible o...
In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174302683
Scope: local
bookworm: resolved (fixed in 1.3.4-1)
bullseye: resolved (fixed in 1.3.3-2+deb11u1)
forky: resolved (fixed in 1.3.4-1)
sid: resolved (fixed in 1.3.4-1)
trixie: resolved (fixed in 1.3.4-1)
OSV
flac vulnerabilities
osv·2022-11-21·CVSS 5.5
CVE-2017-6888 [MEDIUM] flac vulnerabilities
flac vulnerabilities
It was discovered that FLAC was not properly performing memory management
operations, which could result in a memory leak. An attacker could possibly
use this issue to cause FLAC to consume resources, leading to a denial of
service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and
Ubuntu 18.04 LTS. (CVE-2017-6888)
It was discovered that FLAC was not properly performing bounds checking
operations when decoding data. If a user or automated system were tricked
into processing a specially crafted file, an attacker could possibly use
this issue to expose sensitive information or to cause FLAC to crash,
leading to a denial of service. This issue only affected Ubuntu 14.04 ESM,
Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-0499)
It was d
GHSA
GHSA-crfc-rr25-6wf2: In append_to_verify_fifo_interleaved_ of stream_encoder
ghsa_unreviewed·2022-05-24
CVE-2021-0561 [MEDIUM] CWE-787 GHSA-crfc-rr25-6wf2: In append_to_verify_fifo_interleaved_ of stream_encoder
In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174302683
OSV
CVE-2021-0561: In append_to_verify_fifo_interleaved_ of stream_encoder
osv·2021-06-22·CVSS 5.5
CVE-2021-0561 [MEDIUM] CVE-2021-0561: In append_to_verify_fifo_interleaved_ of stream_encoder
In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174302683
OSV
CVE-2021-0561: In append_to_verify_fifo_interleaved_ of stream_encoder
osv·2021-06-01
CVE-2021-0561 CVE-2021-0561: In append_to_verify_fifo_interleaved_ of stream_encoder
In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://lists.debian.org/debian-lts-announce/2022/03/msg00022.html
https://lists.debian.org/debian-lts-announce/2022/09/msg00003.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWXBVMPPSL377I7YM55ZYXVKVMYOKES2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q4Y7BW35TGNFYBYBSBDSGLUJHHTYEUSG/
https://source.android.com/security/bulletin/pixel/2021-06-01
Published: 2021-06-22