mackron / dr_libs dr_flac.h Excessive Memory Allocation in PICTURE Metadata Parsing

dr_libs dr_flac.h version 0.13.3 and earlier contain an uncontrolled memory allocation vulnerability in drflac__read_and_decode_metadata() that allows attackers to trigger excessive memory allocation by supplying crafted PICTURE metadata blocks. Attackers can exploit attacker-controlled mimeLength and descriptionLength fields to cause denial of service through memory exhaustion when processing FLAC streams with metadata callbacks.

N/A

未经控制的内存分配

dr_libs 安全漏洞

dr_libs是David Reid个人开发者的一个C/C++的音频解码库。 dr_libs 0.13.3及之前版本存在安全漏洞，该漏洞源于drflac__read_and_decode_metadata函数存在未受控内存分配，可能导致攻击者通过特制PICTURE元数据块触发过度内存分配，造成拒绝服务。

N/A

N/A