CVE-2025-14369
- Source
- https://cve.org/CVERecord?id=CVE-2025-14369
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14369.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-14369
- Downstream
- Published
- 2026-01-20T12:15:48.440Z
- Modified
- 2026-01-28T05:52:47.724100Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
drflac, an audio decoder within the drlibs toolset, contains an integer overflow vulnerability flaw due to trusting the totalPCMFrameCount field from FLAC metadata before calculating buffer size, allowing an attacker with a specially crafted file to perform DoS against programs using the tool.
- References
Affected packages
Git / github.com/mackron/dr_libs
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mackron/dr_libs
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
flac-0.*
flac-0.12.43
flac-0.13.0
flac-0.13.1
mp3-0.*
mp3-0.6.40
mp3-0.7.0
mp3-0.7.1
wav-0.*
wav-0.13.17
wav-0.14.0
wav-0.14.1
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14369.json"
vanir_signatures
[
{
"digest": {
"line_hashes": [
"2272873539217649677311847914500477688",
"325117956489813526796112203582791158344",
"43694044640238617989751435236088567275",
"297651770317242392417755929133067287574",
"235195634800161156325365220327627169382",
"182680987940512345278202053112027542389",
"124533198011352049063649952199865837098",
"331281813269733634677331258338017006841",
"177534819893253267519082244332326403667",
"155791506325620513655771864970720288020",
"121896918977067299092091878011031263381",
"34784166802446800873967821288268711738",
"337088495695583812749374166449359908483",
"146752017869043380297229598094066669167",
"292705518095718228072737507760754546550",
"155460187545943274712565147469360699804",
"88558105475085065525237850959590493469",
"268639650005652078250200277974510128645",
"293857144800235952099124423926971661345",
"108468649351246958639474159688074123271",
"51664760018238681666754537402577283944",
"35372958160664278267313253186753227032",
"298858295611797470100512304394869700057",
"306827683592183885311935728583992260891",
"97885317416914990033755801757790751605",
"180421216668384554429816208221893164863",
"201839718581014266974372918935973018441",
"281219075999401268610480336299353243868",
"211955567581794094215406735173077328416",
"237501853708181614074656016701963534036",
"270176129213516254750623467919024546248",
"110347863701324350235365632333800399079",
"334679514769121965532558455804210404890",
"112405302124459136712467173944277489648",
"175573371971889598533784205682623549039",
"42086258332877092945370045502913679996",
"241411806194250511193344795586879714655",
"264235606536066860687182487175079151038",
"158180504020793237368528907193792783884",
"305189022041883118383585898352594603454",
"225422385464401916576702064962702223657",
"321643232038364856755642403784958583400",
"103137645577131216360093940240659123655"
],
"threshold": 0.9
},
"id": "CVE-2025-14369-eed08b83",
"source": "https://github.com/mackron/dr_libs/commit/b2197b2eb7bb609df76315bebf44db4ec2a1aed0",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "dr_flac.h"
},
"signature_type": "Line"
},
{
"digest": {
"length": 1539.0,
"function_hash": "10191337702557558206654121460813971340"
},
"id": "CVE-2025-14369-f9c04617",
"source": "https://github.com/mackron/dr_libs/commit/b2197b2eb7bb609df76315bebf44db4ec2a1aed0",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "dr_flac.h",
"function": "extension"
},
"signature_type": "Function"
}
]