Opened 4 months ago

Closed 4 months ago

#14852 closed enhancement (fixed)

flac security fix

Reported by: ken@… Owned by: ken@…
Priority: normal Milestone: 10.2
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description (last modified by ken@…)

In FLACbitreader_read_rice_signed_block of bitreader.c,

there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Fixed upstream but no new release.

CVE-2020-0490

Change History (4)

comment:1 by ken@…, 4 months ago

Description: modified (diff)
Owner: changed from blfs-book to ken@…
Status: newassigned

comment:2 by ken@…, 4 months ago

Book updated at r24429.

comment:3 by ken@…, 4 months ago

Advisory 10.1 022 added.

comment:4 by ken@…, 4 months ago

Resolution: fixed
Status: assignedclosed
Note: See TracTickets for help on using tickets.