FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FLAC -- out-of-bounds read

Affected packages
flac < 1.3.3_1

Details

VuXML ID: 49346de2-b015-11eb-9bdf-f8b156b6dcc8
Discovery: 2019-09-08
Entry: 2021-05-08

Oss-Fuzz reports:

There is a possible out of bounds read due to a heap buffer overflow in FLAC__bitreader_read_rice_signed_block of bitreader.c.

References

CVE Name: CVE-2020-0499
URL: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17069