Bug#897015: flac: CVE-2017-6888
Salvatore Bonaccorso
carnil at debian.org
Fri Apr 27 06:57:05 BST 2018
Source: flac
Version: 1.3.2-1
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for flac.
CVE-2017-6888[0]:
| An error in the "read_metadata_vorbiscomment_()" function
| (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited
| to cause a memory leak via a specially crafted FLAC file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-6888
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6888
[1] https://secuniaresearch.flexerasoftware.com/secunia_research/2017-7/
[2] https://git.xiph.org/?p=flac.git;a=commit;h=4f47b63e9c971e6391590caf00a0f2a5ed612e67
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the pkg-multimedia-maintainers
mailing list