Headline
RHSA-2023:5047: Red Hat Security Advisory: flac security update
An update for flac is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder.
Synopsis
Important: flac security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for flac is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files.
Security Fix(es):
- flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder (CVE-2020-22219)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.0 ppc64le
- Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0 s390x
- Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
- Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x
Fixes
- BZ - 2235489 - CVE-2020-22219 flac: Remote Code Execution (RCE) via the bitwriter_grow_ function, by supplying crafted input to the encoder
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0
SRPM
flac-1.3.3-9.el9_0.1.src.rpm
SHA-256: 9dfd97d47aeacb8ca1e7c56ca17fdbab9d0bb4d881aa0cf7760590b97df26a72
x86_64
flac-debuginfo-1.3.3-9.el9_0.1.i686.rpm
SHA-256: bd575ac21ccf0bce9aeabda05a5cd7f88399c090726ebd4d13779696c6c4dd72
flac-debuginfo-1.3.3-9.el9_0.1.x86_64.rpm
SHA-256: 58ea1883fb2c998a2ef95905fc6417b6d8747b5b4c2614c95f48092bcd38f666
flac-debugsource-1.3.3-9.el9_0.1.i686.rpm
SHA-256: 408b1b5acd1adc368c002aedb9c4d985be544d425468e8d18c6a6ea35c70fe0b
flac-debugsource-1.3.3-9.el9_0.1.x86_64.rpm
SHA-256: d150e60e3dad6895afb7bd72b9b61a110dcea9d0fd5b1369f1120167723adf89
flac-libs-1.3.3-9.el9_0.1.i686.rpm
SHA-256: bba651a57cd8b57c803e68ec95cf971f4b6a98d8633c50327cae9daa8f3e5b98
flac-libs-1.3.3-9.el9_0.1.x86_64.rpm
SHA-256: 98396f2721c27a29f4565012c89f7c29586260217054b79c3c0338369e6acecc
flac-libs-debuginfo-1.3.3-9.el9_0.1.i686.rpm
SHA-256: dbc5d8dfbb086f516167648d0e2a10a3da354491c10dbc6e70c44f1b6a3673aa
flac-libs-debuginfo-1.3.3-9.el9_0.1.x86_64.rpm
SHA-256: 748fae480aa480712930a3a2f8806ad9ecb913a2fbcba35c39c2e9407c15798c
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0
SRPM
flac-1.3.3-9.el9_0.1.src.rpm
SHA-256: 9dfd97d47aeacb8ca1e7c56ca17fdbab9d0bb4d881aa0cf7760590b97df26a72
s390x
flac-debuginfo-1.3.3-9.el9_0.1.s390x.rpm
SHA-256: 066ab8a59fa19b1eceb58e16872c6169797d5aba1d6fd05562a191549e714125
flac-debugsource-1.3.3-9.el9_0.1.s390x.rpm
SHA-256: 4619c7e3797329989578641a8827fb3ac1d47eaf8913e526baf6727028283ccd
flac-libs-1.3.3-9.el9_0.1.s390x.rpm
SHA-256: 32ebeae358f7f86bd2a08a32f2a628a42b99846569c037c8a6bb9d545ed86e3d
flac-libs-debuginfo-1.3.3-9.el9_0.1.s390x.rpm
SHA-256: c7ceb6a5589d9b6d2ffe06bf5d949b2d31a4fa482c298d16c41268f2e6c05d68
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0
SRPM
flac-1.3.3-9.el9_0.1.src.rpm
SHA-256: 9dfd97d47aeacb8ca1e7c56ca17fdbab9d0bb4d881aa0cf7760590b97df26a72
ppc64le
flac-debuginfo-1.3.3-9.el9_0.1.ppc64le.rpm
SHA-256: 4cdb0d039807455f2e77e7a9a7f74bf2ecaeb33d15140b0cc84f8618d0814ba7
flac-debugsource-1.3.3-9.el9_0.1.ppc64le.rpm
SHA-256: 0fb2601a91befea2ed9d2f8cdfafca329921caa91fcfac16be0c66e99779e61f
flac-libs-1.3.3-9.el9_0.1.ppc64le.rpm
SHA-256: 5aa8c9c9d300baf243cd7a49307dce5896062129538a3899243e70a18e9e94f7
flac-libs-debuginfo-1.3.3-9.el9_0.1.ppc64le.rpm
SHA-256: 473daffc5661924810f8950f4f8a9c1d3f418de5920553daaa233bfddd9ca2b2
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0
SRPM
flac-1.3.3-9.el9_0.1.src.rpm
SHA-256: 9dfd97d47aeacb8ca1e7c56ca17fdbab9d0bb4d881aa0cf7760590b97df26a72
aarch64
flac-debuginfo-1.3.3-9.el9_0.1.aarch64.rpm
SHA-256: 1f92be2db9a2724f25e37eed24bc394de79c2e0999b993c6e019c1ae2796d5a8
flac-debugsource-1.3.3-9.el9_0.1.aarch64.rpm
SHA-256: 8c564b112b344487114231905c727b231b5d51632b2d1aef959c3b2aa052645b
flac-libs-1.3.3-9.el9_0.1.aarch64.rpm
SHA-256: 5e2f26d7d65241c8a424c3585d8614f73f803b41d43503a39d6f5a85d5d8c1e9
flac-libs-debuginfo-1.3.3-9.el9_0.1.aarch64.rpm
SHA-256: 23c04307a050f7341811c9fd6d0728e1ecd9f17b067471a61aa10004abd47331
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0
SRPM
flac-1.3.3-9.el9_0.1.src.rpm
SHA-256: 9dfd97d47aeacb8ca1e7c56ca17fdbab9d0bb4d881aa0cf7760590b97df26a72
ppc64le
flac-debuginfo-1.3.3-9.el9_0.1.ppc64le.rpm
SHA-256: 4cdb0d039807455f2e77e7a9a7f74bf2ecaeb33d15140b0cc84f8618d0814ba7
flac-debugsource-1.3.3-9.el9_0.1.ppc64le.rpm
SHA-256: 0fb2601a91befea2ed9d2f8cdfafca329921caa91fcfac16be0c66e99779e61f
flac-libs-1.3.3-9.el9_0.1.ppc64le.rpm
SHA-256: 5aa8c9c9d300baf243cd7a49307dce5896062129538a3899243e70a18e9e94f7
flac-libs-debuginfo-1.3.3-9.el9_0.1.ppc64le.rpm
SHA-256: 473daffc5661924810f8950f4f8a9c1d3f418de5920553daaa233bfddd9ca2b2
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0
SRPM
flac-1.3.3-9.el9_0.1.src.rpm
SHA-256: 9dfd97d47aeacb8ca1e7c56ca17fdbab9d0bb4d881aa0cf7760590b97df26a72
x86_64
flac-debuginfo-1.3.3-9.el9_0.1.i686.rpm
SHA-256: bd575ac21ccf0bce9aeabda05a5cd7f88399c090726ebd4d13779696c6c4dd72
flac-debuginfo-1.3.3-9.el9_0.1.x86_64.rpm
SHA-256: 58ea1883fb2c998a2ef95905fc6417b6d8747b5b4c2614c95f48092bcd38f666
flac-debugsource-1.3.3-9.el9_0.1.i686.rpm
SHA-256: 408b1b5acd1adc368c002aedb9c4d985be544d425468e8d18c6a6ea35c70fe0b
flac-debugsource-1.3.3-9.el9_0.1.x86_64.rpm
SHA-256: d150e60e3dad6895afb7bd72b9b61a110dcea9d0fd5b1369f1120167723adf89
flac-libs-1.3.3-9.el9_0.1.i686.rpm
SHA-256: bba651a57cd8b57c803e68ec95cf971f4b6a98d8633c50327cae9daa8f3e5b98
flac-libs-1.3.3-9.el9_0.1.x86_64.rpm
SHA-256: 98396f2721c27a29f4565012c89f7c29586260217054b79c3c0338369e6acecc
flac-libs-debuginfo-1.3.3-9.el9_0.1.i686.rpm
SHA-256: dbc5d8dfbb086f516167648d0e2a10a3da354491c10dbc6e70c44f1b6a3673aa
flac-libs-debuginfo-1.3.3-9.el9_0.1.x86_64.rpm
SHA-256: 748fae480aa480712930a3a2f8806ad9ecb913a2fbcba35c39c2e9407c15798c
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0
SRPM
x86_64
flac-1.3.3-9.el9_0.1.x86_64.rpm
SHA-256: cc552669782230672ada93af255e1199ee113241520e793b28750cbb894344a5
flac-debuginfo-1.3.3-9.el9_0.1.i686.rpm
SHA-256: bd575ac21ccf0bce9aeabda05a5cd7f88399c090726ebd4d13779696c6c4dd72
flac-debuginfo-1.3.3-9.el9_0.1.x86_64.rpm
SHA-256: 58ea1883fb2c998a2ef95905fc6417b6d8747b5b4c2614c95f48092bcd38f666
flac-debugsource-1.3.3-9.el9_0.1.i686.rpm
SHA-256: 408b1b5acd1adc368c002aedb9c4d985be544d425468e8d18c6a6ea35c70fe0b
flac-debugsource-1.3.3-9.el9_0.1.x86_64.rpm
SHA-256: d150e60e3dad6895afb7bd72b9b61a110dcea9d0fd5b1369f1120167723adf89
flac-devel-1.3.3-9.el9_0.1.i686.rpm
SHA-256: 53f57362b7327cf104894e1c91675143cd463361b5e9c2a9682d7d0c4fb0dfd1
flac-devel-1.3.3-9.el9_0.1.x86_64.rpm
SHA-256: c5eabee20fa6c58deea1abf0dd8cefca16475ac08cff5bfacec871a96b181729
flac-libs-debuginfo-1.3.3-9.el9_0.1.i686.rpm
SHA-256: dbc5d8dfbb086f516167648d0e2a10a3da354491c10dbc6e70c44f1b6a3673aa
flac-libs-debuginfo-1.3.3-9.el9_0.1.x86_64.rpm
SHA-256: 748fae480aa480712930a3a2f8806ad9ecb913a2fbcba35c39c2e9407c15798c
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.0
SRPM
ppc64le
flac-1.3.3-9.el9_0.1.ppc64le.rpm
SHA-256: 9d0d464db8bc811570fe35825b83c3b70768de8917837b0646711291ec5a9ad2
flac-debuginfo-1.3.3-9.el9_0.1.ppc64le.rpm
SHA-256: 4cdb0d039807455f2e77e7a9a7f74bf2ecaeb33d15140b0cc84f8618d0814ba7
flac-debugsource-1.3.3-9.el9_0.1.ppc64le.rpm
SHA-256: 0fb2601a91befea2ed9d2f8cdfafca329921caa91fcfac16be0c66e99779e61f
flac-devel-1.3.3-9.el9_0.1.ppc64le.rpm
SHA-256: 56a6c0ce35765fd180e7db1cf29f568f85a916b43cf302bdc8c3006637d384fe
flac-libs-debuginfo-1.3.3-9.el9_0.1.ppc64le.rpm
SHA-256: 473daffc5661924810f8950f4f8a9c1d3f418de5920553daaa233bfddd9ca2b2
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0
SRPM
s390x
flac-1.3.3-9.el9_0.1.s390x.rpm
SHA-256: dd7435864eb1162508e225dd4fe4a039a6d5c50d87c1c18b5cb13180ee60ff73
flac-debuginfo-1.3.3-9.el9_0.1.s390x.rpm
SHA-256: 066ab8a59fa19b1eceb58e16872c6169797d5aba1d6fd05562a191549e714125
flac-debugsource-1.3.3-9.el9_0.1.s390x.rpm
SHA-256: 4619c7e3797329989578641a8827fb3ac1d47eaf8913e526baf6727028283ccd
flac-devel-1.3.3-9.el9_0.1.s390x.rpm
SHA-256: 0764c52f9d1c0c5d9f424ebd02e00eba01ae3fc6adc3920242774a6e5a63dff4
flac-libs-debuginfo-1.3.3-9.el9_0.1.s390x.rpm
SHA-256: c7ceb6a5589d9b6d2ffe06bf5d949b2d31a4fa482c298d16c41268f2e6c05d68
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0
SRPM
aarch64
flac-1.3.3-9.el9_0.1.aarch64.rpm
SHA-256: a4e5a05b3491998e33a31e67d3c0400b5205fda9b9dc6879bcba45c59ccaae17
flac-debuginfo-1.3.3-9.el9_0.1.aarch64.rpm
SHA-256: 1f92be2db9a2724f25e37eed24bc394de79c2e0999b993c6e019c1ae2796d5a8
flac-debugsource-1.3.3-9.el9_0.1.aarch64.rpm
SHA-256: 8c564b112b344487114231905c727b231b5d51632b2d1aef959c3b2aa052645b
flac-devel-1.3.3-9.el9_0.1.aarch64.rpm
SHA-256: 2aee1e8d787f71c69c13d1cf73351629370ba91ffebac1c7ec69c90181794005
flac-libs-debuginfo-1.3.3-9.el9_0.1.aarch64.rpm
SHA-256: 23c04307a050f7341811c9fd6d0728e1ecd9f17b067471a61aa10004abd47331
Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0
SRPM
flac-1.3.3-9.el9_0.1.src.rpm
SHA-256: 9dfd97d47aeacb8ca1e7c56ca17fdbab9d0bb4d881aa0cf7760590b97df26a72
aarch64
flac-debuginfo-1.3.3-9.el9_0.1.aarch64.rpm
SHA-256: 1f92be2db9a2724f25e37eed24bc394de79c2e0999b993c6e019c1ae2796d5a8
flac-debugsource-1.3.3-9.el9_0.1.aarch64.rpm
SHA-256: 8c564b112b344487114231905c727b231b5d51632b2d1aef959c3b2aa052645b
flac-libs-1.3.3-9.el9_0.1.aarch64.rpm
SHA-256: 5e2f26d7d65241c8a424c3585d8614f73f803b41d43503a39d6f5a85d5d8c1e9
flac-libs-debuginfo-1.3.3-9.el9_0.1.aarch64.rpm
SHA-256: 23c04307a050f7341811c9fd6d0728e1ecd9f17b067471a61aa10004abd47331
Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0
SRPM
flac-1.3.3-9.el9_0.1.src.rpm
SHA-256: 9dfd97d47aeacb8ca1e7c56ca17fdbab9d0bb4d881aa0cf7760590b97df26a72
s390x
flac-debuginfo-1.3.3-9.el9_0.1.s390x.rpm
SHA-256: 066ab8a59fa19b1eceb58e16872c6169797d5aba1d6fd05562a191549e714125
flac-debugsource-1.3.3-9.el9_0.1.s390x.rpm
SHA-256: 4619c7e3797329989578641a8827fb3ac1d47eaf8913e526baf6727028283ccd
flac-libs-1.3.3-9.el9_0.1.s390x.rpm
SHA-256: 32ebeae358f7f86bd2a08a32f2a628a42b99846569c037c8a6bb9d545ed86e3d
flac-libs-debuginfo-1.3.3-9.el9_0.1.s390x.rpm
SHA-256: c7ceb6a5589d9b6d2ffe06bf5d949b2d31a4fa482c298d16c41268f2e6c05d68
Related news
Ubuntu Security Notice 6360-2 - USN-6360-1 fixed a vulnerability in FLAC. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that FLAC incorrectly handled encoding certain files. A remote attacker could use this issue to cause FLAC to crash, resulting in a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2023-5155-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.13. Issues addressed include a denial of service vulnerability.
Debian Linux Security Advisory 5500-1 - A buffer overflow was discovered in flac, a library handling Free Lossless Audio Codec media, which could potentially result in the execution of arbitrary code.
Red Hat Security Advisory 2023-5044-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-5046-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-5047-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-5045-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-5048-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-5042-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-5043-01 - FLAC stands for Free Lossless Audio Codec. FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, a command-line program to encode and decode FLAC files, and a command-line metadata editor for FLAC files. Issues addressed include a code execution vulnerability.
An update for flac is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder.
An update for flac is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder.
An update for flac is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code vi...
An update for flac is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-22219: A flaw was found in the libeconf library. This issue occurs due to a buffer overflow vulnerability in the bitwriter_grow_ function in FLAC that allows remote attackers to run arbitrary code via crafted input to the encoder.
Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.