CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-22219 – flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder
https://notcve.org/view.php?id=CVE-2020-22219
22 Aug 2023 — Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder. Vulnerabilidad de Desbordamiento de Búfer en la función bitwriter_grow_ en flac anterior a 1.4.0 permite a atacantes remotos ejecutar código arbitrario a través de una entrada manipulada al codificador. A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows... • https://github.com/xiph/flac/issues/215 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2017-6888 – Ubuntu Security Notice USN-5733-1
https://notcve.org/view.php?id=CVE-2017-6888
15 May 2017 — An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file. Un error en la función read_metadata_vorbiscomment_() en src/libFLAC/stream_decoder.c en la versión 1.3.2 de FLAC puede explotarse para provocar una fuga de memoria mediante un archivo FLAC especialmente manipulado. It was discovered that FLAC was not properly performing memory management operations, which could result in a ... • https://git.xiph.org/?p=flac.git%3Ba=commit%3Bh=4f47b63e9c971e6391590caf00a0f2a5ed612e67 • CWE-772: Missing Release of Resource after Effective Lifetime •