CVE-2021-0561

Published: 22/06/2021 Updated: 07/11/2023
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

It was discovered that FLAC was not properly performing bounds checking operations when encoding data. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to expose sensitive information or to cause FLAC to crash, leading to a denial of service. (CVE-2021-0561)

Vulnerable Product

google android 11.0

fedoraproject fedora 35

fedoraproject fedora 36

debian debian linux 9.0

debian debian linux 10.0

Vendor Advisories

Synopsis: Moderate: flac security update. Type/Severity: Security Advisory: Moderate. Topic: An update for flac is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security ...

Debian Bug report logs - #1006339 flac: CVE-2021-0561. Package: src:flac; Maintainer for src:flac is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 23 Feb 2022 22:03:01 UTC; Severity: important; Tags: fixed-upstream, security, upstream ...

Several security issues were fixed in FLAC ...

An out-of-bounds write vulnerability was found in libFLAC. The vulnerability occurs due to a missing bounds check. This flaw allows a local attacker without additional execution privileges to cause local information disclosure (CVE-2021-0561) ...

In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174302683 ...

In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation ...