Debian Flac vulnerabilities
10 known vulnerabilities affecting debian/flac.
Total CVEs: 10
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 3, LOW 3
Vulnerabilities
CVE-2021-0561 | MEDIUM | CVSS 5.5 | fixed in flac 1.3.4-1 (bookworm) | 2021
In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174302683
Scope: local
bookworm: resolved (fixe
CVE-2020-22219 | HIGH | CVSS 7.8 | fixed in flac 1.4.1-1 (bookworm) | 2020
Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.
Scope: local
bookworm: resolved (fixed in 1.4.1-1)
bullseye: resolved (fixed in 1.3.3-2+deb11u2)
forky: resolved (fixed in 1.4.1-1)
sid: resolved (fixed in 1.4.1-1)
trixie: resolved (fixed in 1.4.1-1)
CVE-2020-0499 | MEDIUM | CVSS 4.3 | fixed in flac 1.3.3-2 (bookworm) | 2020
In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-156076070
Scope: local
bookworm: resolved (fixed in
CVE-2017-6888 | LOW | CVSS 5.5 | fixed in flac 1.3.2-2 (bookworm) | 2017
CVE-2017-6888 [MEDIUM] CVE-2017-6888: flac - An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_de...
An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.
Scope: local
bookworm: resolved (fixed in 1.3.2-2)
bullseye: resolved (fixed in 1.3.2-2)
forky: resolved (fixed in 1.3.2-2)
sid: resolved (fixed in 1.3.2-2)
trixie: resolved (fixed in 1
CVE-2014-9028 | HIGH | CVSS 7.5 | fixed in flac 1.3.0-3 (bookworm) | 2014
Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
Scope: local
bookworm: resolved (fixed in 1.3.0-3)
bullseye: resolved (fixed in 1.3.0-3)
forky: resolved (fixed in 1.3.0-3)
sid: resolved (fixed in 1.3.0-3)
trixie: resolved (fixed in 1.3.0-3)
CVE-2014-8962 | HIGH | CVSS 7.5 | fixed in flac 1.3.0-3 (bookworm) | 2014
Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
Scope: local
bookworm: resolved (fixed in 1.3.0-3)
bullseye: resolved (fixed in 1.3.0-3)
forky: resolved (fixed in 1.3.0-3)
sid: resolved (fixed in 1.3.0-3)
trixie: resolved (fixed in 1.3.0-3)
CVE-2007-6277 | CRITICAL | CVSS 9.3 | fixed in flac 1.2.1-1 (bookworm) | 2007
Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height va
CVE-2007-4619 | MEDIUM | CVSS 9.3 | fixed in flac 1.2.1-1 (bookworm) | 2007
CVE-2007-4619 [CRITICAL] CVE-2007-4619: flac - Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1....
Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 1.2.1-1)
bullseye:
CVE-2007-6279 | LOW | CVSS 9.3 | fixed in flac 1.2.1-1 (bookworm) | 2007
CVE-2007-6279 [CRITICAL] CVE-2007-6279: flac - Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC...
Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file.
Scope: local
bookworm: resolved (fixed in 1.2.1-1)
bullseye: resolved (fixed in 1.2.1-1)
forky: resolved (fixed in 1.2.1-1)
sid: r
CVE-2007-6278 | LOW | CVSS 9.3 | fixed in flac 1.2.1-1 (bookworm) | 2007
CVE-2007-6278 [CRITICAL] CVE-2007-6278: flac - Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remot...
Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file.
Scope: local
bookworm: resolved (fixed in 1.2.1-1)
bullseye: resolved (fixed in 1.2.1-1)
forky: resolved (fixed in 1.2.1-1)
sid: resolved (fixed in 1