Flac Project Flac vulnerabilities

CVE-2020-22219 [HIGH] CWE-120 CVE-2020-22219: Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attacke Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.

CVE-2021-0561 [MEDIUM] CVE-2021-0561: In append_to_verify_fifo_interleaved_ of stream_encoder In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174302683

CVE-2020-0499 [MEDIUM] CVE-2020-0499: In FLAC__bitreader_read_rice_signed_block of bitreader In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070

CVE-2017-6888 [MEDIUM] CWE-772 CVE-2017-6888: An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC ver An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.

CVE-2014-8962 [HIGH] CVE-2014-8962: Stack-based buffer overflow in stream_decoder Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.

CVE-2014-9028 [HIGH] CVE-2014-9028: Heap-based buffer overflow in stream_decoder Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.

CVE-2007-6277 [CRITICAL] CVE-2007-6277: Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1 Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .F

CVE-2007-6278 [CRITICAL] CVE-2007-6278: Free Lossless Audio Codec (FLAC) libFLAC before 1 Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file.

CVE-2007-6279 [CRITICAL] CVE-2007-6279: Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1 Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file.

CVE-2007-4619 [CRITICAL] CVE-2007-4619: Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1 Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.