5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
libFLAC.so is vulnerable to denial of service (DoS) attacks. The attacks are possible due to an error in the read_metadata_vorbiscomment_()
function of src/libFLAC/stream_decoder.c
.
CPE | Name | Operator | Version |
---|---|---|---|
libflac.so | le | 8.3.0 | |
flac:stretch | eq | 1.3.2-1 |
git.xiph.org/?p=flac.git;a=commit;h=4f47b63e9c971e6391590caf00a0f2a5ed612e67
gitlab.xiph.org/xiph/flac/blob/1.3.2/src/libFLAC/stream_decoder.c#L1684
gitlab.xiph.org/xiph/flac/commit/4f47b63e9c971e6391590caf00a0f2a5ed612e67
lists.debian.org/debian-lts-announce/2021/01/msg00001.html
lists.fedoraproject.org/archives/list/[email protected]/message/33W6XZAAEJYRGU3XYHRO7XSYEA7YACUB/
lists.fedoraproject.org/archives/list/[email protected]/message/KNZYTAU5UWBVXVJ4VHDWPR66ZVDLQZRE/
secuniaresearch.flexerasoftware.com/advisories/82639/
secuniaresearch.flexerasoftware.com/secunia_research/2017-7/
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P