Source: libchdr
Version: 0.0~git20250608.8bba774+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for libchdr.

CVE-2025-14369[0]:
| dr_flac, an audio decoder within the dr_libs toolset, contains an
| integer overflow vulnerability flaw due to trusting the
| totalPCMFrameCount field from FLAC metadata before calculating
| buffer size, allowing an attacker with a specially crafted file to
| perform DoS against programs using the tool.

libchdr makes use of an embedded dr_flac.h with afaics vulnerable code.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-14369
    https://www.cve.org/CVERecord?id=CVE-2025-14369
[1] https://github.com/mackron/dr_libs/commit/b2197b2eb7bb609df76315bebf44db4ec2a1aed0
[2] https://www.kb.cert.org/vuls/id/924114

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
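Added illustration of the bug class named in the CVE text, written for this report and not taken from dr_flac, libchdr or the upstream fix: the total-samples field is read from a constructed STREAMINFO block, then the PCM buffer size is computed once the unchecked way (wrapping in 32-bit arithmetic) and once with overflow checks plus an allocation limit. The 32-bit product, the 4-byte output sample width and the sample bytes are assumptions made for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>

/* FLAC STREAMINFO: 34 bytes of big-endian bit fields: 16 min blocksize,
 * 16 max blocksize, 24 min framesize, 24 max framesize, 20 sample rate,
 * 3 channels-1, 5 bits-per-sample-1, 36 total samples, 128 MD5. */
typedef struct {
    uint32_t sample_rate, channels, bits_per_sample;
    uint64_t total_pcm_frames;   /* taken straight from the file: untrusted */
} streaminfo_t;

static uint64_t read_bits(const uint8_t *p, size_t bit_off, unsigned nbits) {
    uint64_t v = 0;
    for (unsigned i = 0; i < nbits; i++) {
        size_t b = bit_off + i;
        v = (v << 1) | ((p[b >> 3] >> (7 - (b & 7))) & 1u);
    }
    return v;
}

/* Returns 1 and fills *si, or 0 if the block is shorter than 34 bytes. */
int parse_streaminfo(const uint8_t *blk, size_t len, streaminfo_t *si) {
    if (len < 34) return 0;
    si->sample_rate      = (uint32_t)read_bits(blk, 80, 20);
    si->channels         = (uint32_t)read_bits(blk, 100, 3) + 1;
    si->bits_per_sample  = (uint32_t)read_bits(blk, 103, 5) + 1;
    si->total_pcm_frames = read_bits(blk, 108, 36);
    return 1;
}

/* Unchecked pattern (illustrative): product formed in 32-bit arithmetic, as a
 * 32-bit size_t would, so a large frame count wraps to a tiny allocation. */
uint32_t unchecked_pcm_bytes32(const streaminfo_t *si, uint32_t sample_bytes) {
    return (uint32_t)si->total_pcm_frames * si->channels * sample_bytes;
}

/* Hardened form: test each multiplication before doing it and enforce a
 * caller-chosen limit. Returns 1 and sets *out, or 0 to refuse the file. */
int checked_pcm_bytes(const streaminfo_t *si, uint32_t sample_bytes,
                      uint64_t limit, uint64_t *out) {
    if (si->channels == 0 || sample_bytes == 0) return 0;
    uint64_t per_frame = (uint64_t)si->channels * sample_bytes;  /* < 2^64 */
    if (si->total_pcm_frames > UINT64_MAX / per_frame) return 0;
    uint64_t bytes = si->total_pcm_frames * per_frame;
    if (bytes > limit) return 0;
    *out = bytes;
    return 1;
}

/* Constructed sample: 44100 Hz, 2 channels, 16 bps, 2^30 total samples. */
const uint8_t kCraftedStreaminfo[34] = {
    0x10,0x00, 0x10,0x00, 0x00,0x00,0x00, 0x00,0x00,0x00,
    0x0A,0xC4,0x42,0xF0,0x40,0x00,0x00,0x00 };
```

With 4-byte output samples the crafted header asks for 2^33 bytes: the unchecked 32-bit product wraps to 0, while the checked version refuses it under a 32-bit limit and reports the true size under a 64-bit one.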

