FLAC version 1.3.2 has a memory leak vulnerability in the src/libFLAC/stream_decoder.c:read_metadata_vorbiscomment_() function. An attacker could exploit this via crafted FLAC file to cause a denial of service. External Reference: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-7/ Upstream Patch: https://git.xiph.org/?p=flac.git;a=blobdiff;f=src/libFLAC/stream_decoder.c;h=a5527511d195f9428c817ad6dbe57e8af03a2f1b;hp=14d5fe7ff3e81f38554c057fcd7d86830a582257;hb=4f47b63e9c971e6391590caf00a0f2a5ed612e67;hpb=25b2d82fe4982edbcb54913f4f5db0a1ae9c726d
Created flac tracking bugs for this issue: Affects: fedora-all [bug 1573062] Created mingw-flac tracking bugs for this issue: Affects: fedora-all [bug 1573061]