Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:5047: Red Hat Security Advisory: flac security update

An update for flac is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder.
Red Hat Security Data
#vulnerability#linux#red_hat#rce#buffer_overflow#ibm#sap#ssl

Synopsis

Important: flac security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for flac is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files.

Security Fix(es):

  • flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder (CVE-2020-22219)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2235489 - CVE-2020-22219 flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM

flac-1.3.3-9.el9_0.1.src.rpm

SHA-256: 9dfd97d47aeacb8ca1e7c56ca17fdbab9d0bb4d881aa0cf7760590b97df26a72

x86_64

flac-debuginfo-1.3.3-9.el9_0.1.i686.rpm

SHA-256: bd575ac21ccf0bce9aeabda05a5cd7f88399c090726ebd4d13779696c6c4dd72

flac-debuginfo-1.3.3-9.el9_0.1.x86_64.rpm

SHA-256: 58ea1883fb2c998a2ef95905fc6417b6d8747b5b4c2614c95f48092bcd38f666

flac-debugsource-1.3.3-9.el9_0.1.i686.rpm

SHA-256: 408b1b5acd1adc368c002aedb9c4d985be544d425468e8d18c6a6ea35c70fe0b

flac-debugsource-1.3.3-9.el9_0.1.x86_64.rpm

SHA-256: d150e60e3dad6895afb7bd72b9b61a110dcea9d0fd5b1369f1120167723adf89

flac-libs-1.3.3-9.el9_0.1.i686.rpm

SHA-256: bba651a57cd8b57c803e68ec95cf971f4b6a98d8633c50327cae9daa8f3e5b98

flac-libs-1.3.3-9.el9_0.1.x86_64.rpm

SHA-256: 98396f2721c27a29f4565012c89f7c29586260217054b79c3c0338369e6acecc

flac-libs-debuginfo-1.3.3-9.el9_0.1.i686.rpm

SHA-256: dbc5d8dfbb086f516167648d0e2a10a3da354491c10dbc6e70c44f1b6a3673aa

flac-libs-debuginfo-1.3.3-9.el9_0.1.x86_64.rpm

SHA-256: 748fae480aa480712930a3a2f8806ad9ecb913a2fbcba35c39c2e9407c15798c

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0

SRPM

flac-1.3.3-9.el9_0.1.src.rpm

SHA-256: 9dfd97d47aeacb8ca1e7c56ca17fdbab9d0bb4d881aa0cf7760590b97df26a72

s390x

flac-debuginfo-1.3.3-9.el9_0.1.s390x.rpm

SHA-256: 066ab8a59fa19b1eceb58e16872c6169797d5aba1d6fd05562a191549e714125

flac-debugsource-1.3.3-9.el9_0.1.s390x.rpm

SHA-256: 4619c7e3797329989578641a8827fb3ac1d47eaf8913e526baf6727028283ccd

flac-libs-1.3.3-9.el9_0.1.s390x.rpm

SHA-256: 32ebeae358f7f86bd2a08a32f2a628a42b99846569c037c8a6bb9d545ed86e3d

flac-libs-debuginfo-1.3.3-9.el9_0.1.s390x.rpm

SHA-256: c7ceb6a5589d9b6d2ffe06bf5d949b2d31a4fa482c298d16c41268f2e6c05d68

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0

SRPM

flac-1.3.3-9.el9_0.1.src.rpm

SHA-256: 9dfd97d47aeacb8ca1e7c56ca17fdbab9d0bb4d881aa0cf7760590b97df26a72

ppc64le

flac-debuginfo-1.3.3-9.el9_0.1.ppc64le.rpm

SHA-256: 4cdb0d039807455f2e77e7a9a7f74bf2ecaeb33d15140b0cc84f8618d0814ba7

flac-debugsource-1.3.3-9.el9_0.1.ppc64le.rpm

SHA-256: 0fb2601a91befea2ed9d2f8cdfafca329921caa91fcfac16be0c66e99779e61f

flac-libs-1.3.3-9.el9_0.1.ppc64le.rpm

SHA-256: 5aa8c9c9d300baf243cd7a49307dce5896062129538a3899243e70a18e9e94f7

flac-libs-debuginfo-1.3.3-9.el9_0.1.ppc64le.rpm

SHA-256: 473daffc5661924810f8950f4f8a9c1d3f418de5920553daaa233bfddd9ca2b2

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0

SRPM

flac-1.3.3-9.el9_0.1.src.rpm

SHA-256: 9dfd97d47aeacb8ca1e7c56ca17fdbab9d0bb4d881aa0cf7760590b97df26a72

aarch64

flac-debuginfo-1.3.3-9.el9_0.1.aarch64.rpm

SHA-256: 1f92be2db9a2724f25e37eed24bc394de79c2e0999b993c6e019c1ae2796d5a8

flac-debugsource-1.3.3-9.el9_0.1.aarch64.rpm

SHA-256: 8c564b112b344487114231905c727b231b5d51632b2d1aef959c3b2aa052645b

flac-libs-1.3.3-9.el9_0.1.aarch64.rpm

SHA-256: 5e2f26d7d65241c8a424c3585d8614f73f803b41d43503a39d6f5a85d5d8c1e9

flac-libs-debuginfo-1.3.3-9.el9_0.1.aarch64.rpm

SHA-256: 23c04307a050f7341811c9fd6d0728e1ecd9f17b067471a61aa10004abd47331

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM

flac-1.3.3-9.el9_0.1.src.rpm

SHA-256: 9dfd97d47aeacb8ca1e7c56ca17fdbab9d0bb4d881aa0cf7760590b97df26a72

ppc64le

flac-debuginfo-1.3.3-9.el9_0.1.ppc64le.rpm

SHA-256: 4cdb0d039807455f2e77e7a9a7f74bf2ecaeb33d15140b0cc84f8618d0814ba7

flac-debugsource-1.3.3-9.el9_0.1.ppc64le.rpm

SHA-256: 0fb2601a91befea2ed9d2f8cdfafca329921caa91fcfac16be0c66e99779e61f

flac-libs-1.3.3-9.el9_0.1.ppc64le.rpm

SHA-256: 5aa8c9c9d300baf243cd7a49307dce5896062129538a3899243e70a18e9e94f7

flac-libs-debuginfo-1.3.3-9.el9_0.1.ppc64le.rpm

SHA-256: 473daffc5661924810f8950f4f8a9c1d3f418de5920553daaa233bfddd9ca2b2

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM

flac-1.3.3-9.el9_0.1.src.rpm

SHA-256: 9dfd97d47aeacb8ca1e7c56ca17fdbab9d0bb4d881aa0cf7760590b97df26a72

x86_64

flac-debuginfo-1.3.3-9.el9_0.1.i686.rpm

SHA-256: bd575ac21ccf0bce9aeabda05a5cd7f88399c090726ebd4d13779696c6c4dd72

flac-debuginfo-1.3.3-9.el9_0.1.x86_64.rpm

SHA-256: 58ea1883fb2c998a2ef95905fc6417b6d8747b5b4c2614c95f48092bcd38f666

flac-debugsource-1.3.3-9.el9_0.1.i686.rpm

SHA-256: 408b1b5acd1adc368c002aedb9c4d985be544d425468e8d18c6a6ea35c70fe0b

flac-debugsource-1.3.3-9.el9_0.1.x86_64.rpm

SHA-256: d150e60e3dad6895afb7bd72b9b61a110dcea9d0fd5b1369f1120167723adf89

flac-libs-1.3.3-9.el9_0.1.i686.rpm

SHA-256: bba651a57cd8b57c803e68ec95cf971f4b6a98d8633c50327cae9daa8f3e5b98

flac-libs-1.3.3-9.el9_0.1.x86_64.rpm

SHA-256: 98396f2721c27a29f4565012c89f7c29586260217054b79c3c0338369e6acecc

flac-libs-debuginfo-1.3.3-9.el9_0.1.i686.rpm

SHA-256: dbc5d8dfbb086f516167648d0e2a10a3da354491c10dbc6e70c44f1b6a3673aa

flac-libs-debuginfo-1.3.3-9.el9_0.1.x86_64.rpm

SHA-256: 748fae480aa480712930a3a2f8806ad9ecb913a2fbcba35c39c2e9407c15798c

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0

SRPM

x86_64

flac-1.3.3-9.el9_0.1.x86_64.rpm

SHA-256: cc552669782230672ada93af255e1199ee113241520e793b28750cbb894344a5

flac-debuginfo-1.3.3-9.el9_0.1.i686.rpm

SHA-256: bd575ac21ccf0bce9aeabda05a5cd7f88399c090726ebd4d13779696c6c4dd72

flac-debuginfo-1.3.3-9.el9_0.1.x86_64.rpm

SHA-256: 58ea1883fb2c998a2ef95905fc6417b6d8747b5b4c2614c95f48092bcd38f666

flac-debugsource-1.3.3-9.el9_0.1.i686.rpm

SHA-256: 408b1b5acd1adc368c002aedb9c4d985be544d425468e8d18c6a6ea35c70fe0b

flac-debugsource-1.3.3-9.el9_0.1.x86_64.rpm

SHA-256: d150e60e3dad6895afb7bd72b9b61a110dcea9d0fd5b1369f1120167723adf89

flac-devel-1.3.3-9.el9_0.1.i686.rpm

SHA-256: 53f57362b7327cf104894e1c91675143cd463361b5e9c2a9682d7d0c4fb0dfd1

flac-devel-1.3.3-9.el9_0.1.x86_64.rpm

SHA-256: c5eabee20fa6c58deea1abf0dd8cefca16475ac08cff5bfacec871a96b181729

flac-libs-debuginfo-1.3.3-9.el9_0.1.i686.rpm

SHA-256: dbc5d8dfbb086f516167648d0e2a10a3da354491c10dbc6e70c44f1b6a3673aa

flac-libs-debuginfo-1.3.3-9.el9_0.1.x86_64.rpm

SHA-256: 748fae480aa480712930a3a2f8806ad9ecb913a2fbcba35c39c2e9407c15798c

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.0

SRPM

ppc64le

flac-1.3.3-9.el9_0.1.ppc64le.rpm

SHA-256: 9d0d464db8bc811570fe35825b83c3b70768de8917837b0646711291ec5a9ad2

flac-debuginfo-1.3.3-9.el9_0.1.ppc64le.rpm

SHA-256: 4cdb0d039807455f2e77e7a9a7f74bf2ecaeb33d15140b0cc84f8618d0814ba7

flac-debugsource-1.3.3-9.el9_0.1.ppc64le.rpm

SHA-256: 0fb2601a91befea2ed9d2f8cdfafca329921caa91fcfac16be0c66e99779e61f

flac-devel-1.3.3-9.el9_0.1.ppc64le.rpm

SHA-256: 56a6c0ce35765fd180e7db1cf29f568f85a916b43cf302bdc8c3006637d384fe

flac-libs-debuginfo-1.3.3-9.el9_0.1.ppc64le.rpm

SHA-256: 473daffc5661924810f8950f4f8a9c1d3f418de5920553daaa233bfddd9ca2b2

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0

SRPM

s390x

flac-1.3.3-9.el9_0.1.s390x.rpm

SHA-256: dd7435864eb1162508e225dd4fe4a039a6d5c50d87c1c18b5cb13180ee60ff73

flac-debuginfo-1.3.3-9.el9_0.1.s390x.rpm

SHA-256: 066ab8a59fa19b1eceb58e16872c6169797d5aba1d6fd05562a191549e714125

flac-debugsource-1.3.3-9.el9_0.1.s390x.rpm

SHA-256: 4619c7e3797329989578641a8827fb3ac1d47eaf8913e526baf6727028283ccd

flac-devel-1.3.3-9.el9_0.1.s390x.rpm

SHA-256: 0764c52f9d1c0c5d9f424ebd02e00eba01ae3fc6adc3920242774a6e5a63dff4

flac-libs-debuginfo-1.3.3-9.el9_0.1.s390x.rpm

SHA-256: c7ceb6a5589d9b6d2ffe06bf5d949b2d31a4fa482c298d16c41268f2e6c05d68

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0

SRPM

aarch64

flac-1.3.3-9.el9_0.1.aarch64.rpm

SHA-256: a4e5a05b3491998e33a31e67d3c0400b5205fda9b9dc6879bcba45c59ccaae17

flac-debuginfo-1.3.3-9.el9_0.1.aarch64.rpm

SHA-256: 1f92be2db9a2724f25e37eed24bc394de79c2e0999b993c6e019c1ae2796d5a8

flac-debugsource-1.3.3-9.el9_0.1.aarch64.rpm

SHA-256: 8c564b112b344487114231905c727b231b5d51632b2d1aef959c3b2aa052645b

flac-devel-1.3.3-9.el9_0.1.aarch64.rpm

SHA-256: 2aee1e8d787f71c69c13d1cf73351629370ba91ffebac1c7ec69c90181794005

flac-libs-debuginfo-1.3.3-9.el9_0.1.aarch64.rpm

SHA-256: 23c04307a050f7341811c9fd6d0728e1ecd9f17b067471a61aa10004abd47331

Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0

SRPM

flac-1.3.3-9.el9_0.1.src.rpm

SHA-256: 9dfd97d47aeacb8ca1e7c56ca17fdbab9d0bb4d881aa0cf7760590b97df26a72

aarch64

flac-debuginfo-1.3.3-9.el9_0.1.aarch64.rpm

SHA-256: 1f92be2db9a2724f25e37eed24bc394de79c2e0999b993c6e019c1ae2796d5a8

flac-debugsource-1.3.3-9.el9_0.1.aarch64.rpm

SHA-256: 8c564b112b344487114231905c727b231b5d51632b2d1aef959c3b2aa052645b

flac-libs-1.3.3-9.el9_0.1.aarch64.rpm

SHA-256: 5e2f26d7d65241c8a424c3585d8614f73f803b41d43503a39d6f5a85d5d8c1e9

flac-libs-debuginfo-1.3.3-9.el9_0.1.aarch64.rpm

SHA-256: 23c04307a050f7341811c9fd6d0728e1ecd9f17b067471a61aa10004abd47331

Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0

SRPM

flac-1.3.3-9.el9_0.1.src.rpm

SHA-256: 9dfd97d47aeacb8ca1e7c56ca17fdbab9d0bb4d881aa0cf7760590b97df26a72

s390x

flac-debuginfo-1.3.3-9.el9_0.1.s390x.rpm

SHA-256: 066ab8a59fa19b1eceb58e16872c6169797d5aba1d6fd05562a191549e714125

flac-debugsource-1.3.3-9.el9_0.1.s390x.rpm

SHA-256: 4619c7e3797329989578641a8827fb3ac1d47eaf8913e526baf6727028283ccd

flac-libs-1.3.3-9.el9_0.1.s390x.rpm

SHA-256: 32ebeae358f7f86bd2a08a32f2a628a42b99846569c037c8a6bb9d545ed86e3d

flac-libs-debuginfo-1.3.3-9.el9_0.1.s390x.rpm

SHA-256: c7ceb6a5589d9b6d2ffe06bf5d949b2d31a4fa482c298d16c41268f2e6c05d68

Related news

Ubuntu Security Notice USN-6360-2

Ubuntu Security Notice 6360-2 - USN-6360-1 fixed a vulnerability in FLAC. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that FLAC incorrectly handled encoding certain files. A remote attacker could use this issue to cause FLAC to crash, resulting in a denial of service, or possibly execute arbitrary code.

Red Hat Security Advisory 2023-5155-01

Red Hat Security Advisory 2023-5155-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.13. Issues addressed include a denial of service vulnerability.

Debian Security Advisory 5500-1

Debian Linux Security Advisory 5500-1 - A buffer overflow was discovered in flac, a library handling Free Lossless Audio Codec media, which could potentially result in the execution of arbitrary code.

Red Hat Security Advisory 2023-5044-01

Red Hat Security Advisory 2023-5044-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-5046-01

Red Hat Security Advisory 2023-5046-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-5047-01

Red Hat Security Advisory 2023-5047-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-5045-01

Red Hat Security Advisory 2023-5045-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-5048-01

Red Hat Security Advisory 2023-5048-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-5042-01

Red Hat Security Advisory 2023-5042-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-5043-01

Red Hat Security Advisory 2023-5043-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.

RHSA-2023:5046: Red Hat Security Advisory: flac security update

An update for flac is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder.

RHSA-2023:5045: Red Hat Security Advisory: flac security update

An update for flac is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder.

RHSA-2023:5043: Red Hat Security Advisory: flac security update

An update for flac is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code vi...

RHSA-2023:5042: Red Hat Security Advisory: flac security update

An update for flac is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder.

CVE-2020-22219: wild-addr-write found by fuzz · Issue #215 · xiph/flac

Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.