CNNVD-202601-3285 Information
Jan 20, 2026
cve
CNNVD ID
CNNVD-202601-3285
Related CVE
- CNNVD Published: 2026-01-20
Description (Chinese)
dr_libs是David Reid个人开发者的一个C/C++的音频解码库。 dr_libs存在安全漏洞,该漏洞源于信任FLAC元数据中的totalPCMFrameCount字段,可能导致整数溢出,允许攻击者通过特制文件对使用该工具的程序发起拒绝服务攻击。
Description (English)
Dr libs is a C/C++ sound decoder of David Reid’s personal developer. There is a security loophole in dr libs, which stems from the trust in the TotalPCMFrameCount field in FLAC metadata, which may result in an integer spill, allowing the assailant to launch a denial-of-service attack on the process of using the tool through a custom-made document.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2026-01-20
Last Modified
2026-02-24
References
https://github.com/mackron/dr_libs/commit/b2197b2eb7bb609df76315bebf44db4ec2a1aed0 https://www.kb.cert.org/vuls/id/924114
Patch
https://github.com/mackron/dr_libs/commit/b2197b2eb7bb609df76315bebf44db4ec2a1aed0
Share on: