PT-2020-6915 · Flac +8
Ltx2018 · Published 2020-06-02 · Updated 2025-01-20 · CVE-2020-22219
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: flac versions prior to 1.4.0
Description: The issue is a buffer overflow in the bitwriter grow function of the FLAC audio codec, which can allow an attacker to execute arbitrary code. It is triggered by providing crafted input to the encoder.
Recommendations: For versions prior to 1.4.0, update to version 1.4.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the bitwriter grow function in the FLAC encoder until a patch is available.

Exploit · Fix · RCE · Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2023:5046
ALSA-2023:5048
ALT-PU-2024-1901
AZL-28074
BDU:2023-06152
CESA-2023_5046
CVE-2020-22219
DLA-3581-1
DSA-5500-1
INFSA-2023_5048
MGASA-2023-0277
OESA-2023-1562
OPENSUSE-SU-2023_3635-1
RHSA-2023:5042
RHSA-2023:5043
RHSA-2023:5044
RHSA-2023:5045
RHSA-2023:5046
RHSA-2023:5047
RHSA-2023:5048
RHSA-2023_5046
RHSA-2023_5048
SUSE-SU-2023:3635-1
SUSE-SU-2023_3635-1
USN-6360-1
USN-6360-2

Affected Products

Alt Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Red Hat
SUSE
Ubuntu
Flac