
CVE-2020-22219 – flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder
https://notcve.org/view.php?id=CVE-2020-22219
22 Aug 2023 — Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder. A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows... • https://github.com/xiph/flac/issues/215 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2017-6888 – Ubuntu Security Notice USN-5733-1
https://notcve.org/view.php?id=CVE-2017-6888
15 May 2017 — An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file. It was discovered that FLAC was not properly performing memory management operations, which could result in a ... • https://git.xiph.org/?p=flac.git%3Ba=commit%3Bh=4f47b63e9c971e6391590caf00a0f2a5ed612e67 • CWE-772: Missing Release of Resource after Effective Lifetime

CVE-2014-8962 – flac: Buffer read overflow when processing ID3V2 metadata
https://notcve.org/view.php?id=CVE-2014-8962
25 Nov 2014 — Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. A buffer over-read flaw was found in the way flac processed certain ID3v2 metadata. An attacker could create a specially crafted FLAC audio file that could cause an application usi... • http://advisories.mageia.org/MGASA-2014-0499.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-122: Heap-based Buffer Overflow

CVE-2014-9028 – flac: Heap buffer write overflow in read_residual_partitioned_rice_
https://notcve.org/view.php?id=CVE-2014-9028
25 Nov 2014 — Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. A buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application u... • http://advisories.mageia.org/MGASA-2014-0499.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-122: Heap-based Buffer Overflow

CVE-2007-6277 – libflac: Multiple security issues fixed in 1.2.1
https://notcve.org/view.php?id=CVE-2007-6277
07 Dec 2007 — Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Pictu... • http://research.eeye.com/html/advisories/published/AD20071115.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2007-6278
https://notcve.org/view.php?id=CVE-2007-6278
07 Dec 2007 — Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file. • http://research.eeye.com/html/advisories/published/AD20071115.html • CWE-20: Improper Input Validation • CWE-264: Permissions, Privileges, and Access Controls

CVE-2007-6279
https://notcve.org/view.php?id=CVE-2007-6279
07 Dec 2007 — Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file. • http://research.eeye.com/html/advisories/published/AD20071115.html • CWE-399: Resource Management Errors

CVE-2007-4619 – FLAC Integer overflows
https://notcve.org/view.php?id=CVE-2007-4619
12 Oct 2007 — Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow. • http://bugzilla.redhat.com/show_bug.cgi?id=331991 • CWE-189: Numeric Errors • CWE-190: Integer Overflow or Wraparound