CVE-2020-0499

Published: August 31, 2023Last modified: August 31, 2023

Description

In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070

Severity score breakdown

Parameter	Value
Base score	4.3
Attack Vector	NETWORK
Attack complexity	LOW
Privileges required	NONE
User interaction	REQUIRED
Scope	UNCHANGED
Confidentiality	NONE
Integrity impact	NONE
Availability impact	LOW
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Status

Product	Release	Package	Status
Alpaquita Linux	23 LTS	flac	Not affected (1.4.2-r0)
Alpaquita Linux	Stream	flac	Not affected (1.4.3-r1)

References

https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/01/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33W6XZAAEJYRGU3XYHRO7XSYEA7YACUB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNZYTAU5UWBVXVJ4VHDWPR66ZVDLQZRE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPA5GAEKPXKAHGHHBI4X7AFNI4BMOVG3/
https://lists.fedoraproject.org/archives/list/[email protected]/message/33W6XZAAEJYRGU3XYHRO7XSYEA7YACUB/
https://lists.fedoraproject.org/archives/list/[email protected]/message/KNZYTAU5UWBVXVJ4VHDWPR66ZVDLQZRE/
https://lists.fedoraproject.org/archives/list/[email protected]/message/VPA5GAEKPXKAHGHHBI4X7AFNI4BMOVG3/
https://source.android.com/security/bulletin/pixel/2020-12-01