In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
https://security-tracker.debian.org/tracker/CVE-2021-0561
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0561
https://github.com/xiph/flac/commit/e1575e4a7c5157cbf4e4a16dbd39b74f7174c7be
Created flac tracking bugs for this issue:
Affects: fedora-all [bug 2057777]
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 9
Via RHSA-2022:8078 https://access.redhat.com/errata/RHSA-2022:8078
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-0561