Opened 4 months ago

Closed 4 months ago

#14852 closed enhancement (fixed)

flac security fix

Reported by: ken@… Owned by: ken@…
Priority: normal Milestone: 10.2
Component: BOOK Version: SVN
Severity: normal Keywords:

Description (last modified by ken@…)

In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Fixed upstream but no new release.


Change History (4)

comment:1 by ken@…, 4 months ago

Description: modified (diff)
Owner: changed from blfs-book to ken@…
Status: new → assigned

comment:2 by ken@…, 4 months ago

Book updated at r24429.

comment:3 by ken@…, 4 months ago

Advisory 10.1 022 added.

comment:4 by ken@…, 4 months ago

Resolution: fixed
Status: assigned → closed