Bug 1573058 (CVE-2017-6888) - CVE-2017-6888 flac: Memory leak in src/libFLAC/stream_decoder.c:read_metadata_vorbiscomment_()
Summary: CVE-2017-6888 flac: Memory leak in src/libFLAC/stream_decoder.c:read_metadata...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2017-6888
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1573061 1573060 1573062
Blocks: 1573063
TreeView+ depends on / blocked
 
Reported: 2018-04-30 05:12 UTC by Sam Fowler
Modified: 2019-09-29 14:38 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-10 10:20:49 UTC


Attachments (Terms of Use)

Description Sam Fowler 2018-04-30 05:12:27 UTC
FLAC version 1.3.2 has a memory leak vulnerability in the src/libFLAC/stream_decoder.c:read_metadata_vorbiscomment_() function. An attacker could exploit this via crafted FLAC file to cause a denial of service.


External Reference:

https://secuniaresearch.flexerasoftware.com/secunia_research/2017-7/


Upstream Patch:

https://git.xiph.org/?p=flac.git;a=blobdiff;f=src/libFLAC/stream_decoder.c;h=a5527511d195f9428c817ad6dbe57e8af03a2f1b;hp=14d5fe7ff3e81f38554c057fcd7d86830a582257;hb=4f47b63e9c971e6391590caf00a0f2a5ed612e67;hpb=25b2d82fe4982edbcb54913f4f5db0a1ae9c726d

Comment 1 Sam Fowler 2018-04-30 05:13:00 UTC
Created flac tracking bugs for this issue:

Affects: fedora-all [bug 1573062]


Created mingw-flac tracking bugs for this issue:

Affects: fedora-all [bug 1573061]


Note You need to log in before you can comment on or make changes to this bug.