INFSA-2023:5048: flac security update
Information about definition
Identifier: INFSA-2023:5048
Type: security
Release date: 2025-03-05 17:54:13 UTC
Information about package
FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files.
Vulnerabilities description
- CVE-2020-22219
A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder.
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2020-22219 | no information | 7.8 | no information |
Updated packages