CVE-2017-6888

Published: Apr 25, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.

Vendor	Product	Versions
FLAC	FLAC	affected `1.3.2`

References

https://secuniaresearch.flexerasoftware.com/advisories/82639/

x_refsource_MISC

https://git.xiph.org/?p=flac.git%3Ba=commit%3Bh=4f47b63e9c971e6391590caf00a0f2a5ed612e67

x_refsource_CONFIRM

https://secuniaresearch.flexerasoftware.com/secunia_research/2017-7/

x_refsource_MISC

[debian-lts-announce] 20210104 [SECURITY] [DLA 2514-1] flac security update

mailing-list

x_refsource_MLIST

FEDORA-2021-ed9c13a1d5

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-a48ccc6754

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-6888

Description

Affected Products

References