UBUNTU-CVE-2025-14369

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-14369

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-14369.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2025-14369

Upstream

CVE-2025-14369

Published

2026-01-20T12:15:00Z

Modified

2026-05-20T16:10:11.254669785Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Ubuntu - low

Summary

[none]

Details

drflac, an audio decoder within the drlibs toolset, contains an integer overflow vulnerability flaw due to trusting the totalPCMFrameCount field from FLAC metadata before calculating buffer size, allowing an attacker with a specially crafted file to perform DoS against programs using the tool.

References

Affected packages

Ubuntu:24.04:LTS / libchdr

Package

Name: libchdr
Purl: pkg:deb/ubuntu/libchdr?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20230918.9108f34+dfsg-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "0.0~git20230918.9108f34+dfsg-2",
            "binary_name": "libchdr0"
        }
    ],
    "priority_reason": "User has to open specially crafted file for a denial of service"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-14369.json"

Ubuntu:25.10 / libchdr

Package

Name: libchdr
Purl: pkg:deb/ubuntu/libchdr?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20240929.aaca599+dfsg-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libchdr0",
            "binary_version": "0.0~git20240929.aaca599+dfsg-1"
        }
    ],
    "priority_reason": "User has to open specially crafted file for a denial of service"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-14369.json"

Ubuntu:26.04:LTS / libchdr

Package

Name: libchdr
Purl: pkg:deb/ubuntu/libchdr?arch=source&distro=resolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.0~git20240929.aaca599+dfsg-1

0.0~git20250608.8bba774+dfsg-1

0.0~git20250608.8bba774+dfsg-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "0.0~git20250608.8bba774+dfsg-2",
            "binary_name": "libchdr0"
        }
    ],
    "priority_reason": "User has to open specially crafted file for a denial of service"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-14369.json"