CVE-2025-14369

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-14369
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-14369.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-14369
Downstream
Published
2026-01-20T11:49:08.348Z
Modified
2026-06-18T04:11:18.921710944Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
CVE-2025-14369
Details

drflac, an audio decoder within the drlibs toolset, contains an integer overflow vulnerability flaw due to trusting the totalPCMFrameCount field from FLAC metadata before calculating buffer size, allowing an attacker with a specially crafted file to perform DoS against programs using the tool.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/14xxx/CVE-2025-14369.json",
    "cna_assigner": "certcc"
}
References

Affected packages

Git / github.com/mackron/dr_libs

Affected ranges

Type
GIT
Repo
https://github.com/mackron/dr_libs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
b2197b2eb7bb609df76315bebf44db4ec2a1aed0
Database specific 
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.13.2"
        }
    ]
}

Affected versions

flac-0.*
flac-0.12.43
flac-0.13.0
flac-0.13.1
mp3-0.*
mp3-0.6.40
mp3-0.7.0
mp3-0.7.1
wav-0.*
wav-0.13.17
wav-0.14.0
wav-0.14.1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-14369.json"