CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-22219 – flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder
https://notcve.org/view.php?id=CVE-2020-22219
Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder. Vulnerabilidad de Desbordamiento de Búfer en la función bitwriter_grow_ en flac anterior a 1.4.0 permite a atacantes remotos ejecutar código arbitrario a través de una entrada manipulada al codificador. A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder. • https://github.com/xiph/flac/issues/215 https://lists.debian.org/debian-lts-announce/2023/09/msg00028.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZD2AJTU4PCJQP7HPTS2L2ELJWBASCRGD https://www.debian.org/security/2023/dsa-5500 https://access.redhat.com/security/cve/CVE-2020-22219 https://bugzilla.redhat.com/show_bug.cgi?id=2235489 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2017-6888
https://notcve.org/view.php?id=CVE-2017-6888
An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file. Un error en la función read_metadata_vorbiscomment_() en src/libFLAC/stream_decoder.c en la versión 1.3.2 de FLAC puede explotarse para provocar una fuga de memoria mediante un archivo FLAC especialmente manipulado. • https://git.xiph.org/?p=flac.git%3Ba=commit%3Bh=4f47b63e9c971e6391590caf00a0f2a5ed612e67 https://lists.debian.org/debian-lts-announce/2021/01/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33W6XZAAEJYRGU3XYHRO7XSYEA7YACUB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNZYTAU5UWBVXVJ4VHDWPR66ZVDLQZRE https://secuniaresearch.flexerasoftware.com/advisories/82639 https://secuniaresearch.flexerasoftware.com/secunia_research/2017-7 • CWE-772: Missing Release of Resource after Effective Lifetime •