#14852: flac security fix
-------------------------+-----------------------
Reporter: ken@… | Owner: ken@…
Type: enhancement | Status: assigned
Priority: normal | Milestone: 10.2
Component: BOOK | Version: SVN
Severity: normal | Resolution:
Keywords: |
-------------------------+-----------------------
Changes (by ken@…):
* owner: blfs-book => ken@…
* status: new => assigned
Old description:
> In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a
> possible out of bounds read due to a heap buffer overflow. This could
> lead to remote information disclosure with no additional execution
> privileges needed. User interaction is needed for exploitation.
>
> Fixed upstream but no new release.
>
> CVE-2020-0490
New description:
In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a
possible out of bounds read due to a heap buffer overflow. This could
lead to remote information disclosure with no additional execution
privileges needed. User interaction is needed for exploitation.

Fixed upstream but no new release.

CVE-2020-0490
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/14852#comment:1>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch