CVE-2020-0499

Name
CVE-2020-0499
Description
In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
Product: Android
Versions: Android-11
Android ID: A-156076070
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type             URI
Vendor Advisory  https://source.android.com/security/bulletin/pixel/2020-12-01
Mailing List     https://lists.debian.org/debian-lts-announce/2021/01/msg00001.html
Mailing List     https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VPA5GAEKPXKAHGHHBI4X7AFNI4BMOVG3/
Mailing List     https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KNZYTAU5UWBVXVJ4VHDWPR66ZVDLQZRE/
Mailing List     https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33W6XZAAEJYRGU3XYHRO7XSYEA7YACUB/
Mailing List     https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E

Match rules

CPE URI                                       Source package  Min version  Max version
cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*   android         == None      == 11.0

Vulnerable and fixed packages

Source package  Branch     Version   Maintainer                             Status
flac            3.15-main  1.3.4-r0  Natanael Copa <ncopa@alpinelinux.org>  fixed
flac            3.14-main  1.3.4-r0  Natanael Copa <ncopa@alpinelinux.org>  fixed
flac            3.13-main  1.3.4-r0  Natanael Copa <ncopa@alpinelinux.org>  fixed
flac            3.12-main  1.3.4-r0  Natanael Copa <ncopa@alpinelinux.org>  fixed
flac            3.16-main  1.3.4-r0  Natanael Copa <ncopa@alpinelinux.org>  fixed