OESA-2022-1697

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1697
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-1697.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2022-1697
Upstream
Published
2022-06-02T11:03:51Z
Modified
2025-08-12T05:04:50.429307Z
Summary
flac security update
Details

FLAC stands for Free Lossless Audio Codec, an audio format similar to MP3, but lossless, meaning that audio is compressed in FLAC without any loss in quality.

Security Fix(es):

In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-156076070 (CVE-2020-0499)

Database specific
{
    "severity": "Medium"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / flac

Package

Name
flac
Purl
pkg:rpm/openEuler/flac&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.3.3-6.oe1

Ecosystem specific

{
    "x86_64": [
        "xmms-flac-1.3.3-6.oe1.x86_64.rpm",
        "flac-debugsource-1.3.3-6.oe1.x86_64.rpm",
        "flac-debuginfo-1.3.3-6.oe1.x86_64.rpm",
        "flac-help-1.3.3-6.oe1.x86_64.rpm",
        "flac-1.3.3-6.oe1.x86_64.rpm",
        "flac-devel-1.3.3-6.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "flac-debugsource-1.3.3-6.oe1.aarch64.rpm",
        "flac-devel-1.3.3-6.oe1.aarch64.rpm",
        "flac-debuginfo-1.3.3-6.oe1.aarch64.rpm",
        "xmms-flac-1.3.3-6.oe1.aarch64.rpm",
        "flac-help-1.3.3-6.oe1.aarch64.rpm",
        "flac-1.3.3-6.oe1.aarch64.rpm"
    ],
    "src": [
        "flac-1.3.3-6.oe1.src.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / flac

Package

Name
flac
Purl
pkg:rpm/openEuler/flac&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.3.3-6.oe1

Ecosystem specific

{
    "x86_64": [
        "flac-debuginfo-1.3.3-6.oe1.x86_64.rpm",
        "flac-1.3.3-6.oe1.x86_64.rpm",
        "flac-devel-1.3.3-6.oe1.x86_64.rpm",
        "xmms-flac-1.3.3-6.oe1.x86_64.rpm",
        "flac-debugsource-1.3.3-6.oe1.x86_64.rpm",
        "flac-help-1.3.3-6.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "flac-devel-1.3.3-6.oe1.aarch64.rpm",
        "flac-1.3.3-6.oe1.aarch64.rpm",
        "flac-help-1.3.3-6.oe1.aarch64.rpm",
        "flac-debuginfo-1.3.3-6.oe1.aarch64.rpm",
        "xmms-flac-1.3.3-6.oe1.aarch64.rpm",
        "flac-debugsource-1.3.3-6.oe1.aarch64.rpm"
    ],
    "src": [
        "flac-1.3.3-6.oe1.src.rpm"
    ]
}

openEuler:22.03-LTS / flac

Package

Name
flac
Purl
pkg:rpm/openEuler/flac&distro=openEuler-22.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.3.3-6.oe2203

Ecosystem specific

{
    "x86_64": [
        "flac-devel-1.3.3-6.oe2203.x86_64.rpm",
        "flac-1.3.3-6.oe2203.x86_64.rpm",
        "flac-help-1.3.3-6.oe2203.x86_64.rpm",
        "xmms-flac-1.3.3-6.oe2203.x86_64.rpm",
        "flac-debugsource-1.3.3-6.oe2203.x86_64.rpm",
        "flac-debuginfo-1.3.3-6.oe2203.x86_64.rpm"
    ],
    "aarch64": [
        "flac-help-1.3.3-6.oe2203.aarch64.rpm",
        "flac-devel-1.3.3-6.oe2203.aarch64.rpm",
        "flac-debugsource-1.3.3-6.oe2203.aarch64.rpm",
        "flac-debuginfo-1.3.3-6.oe2203.aarch64.rpm",
        "flac-1.3.3-6.oe2203.aarch64.rpm",
        "xmms-flac-1.3.3-6.oe2203.aarch64.rpm"
    ],
    "src": [
        "flac-1.3.3-6.oe2203.src.rpm"
    ]
}