CVE-2021-0561 log

Source
Severity Medium
Remote Yes
Type Information disclosure
Description
In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Group Package Affected Fixed Severity Status Ticket
AVG-2092 flac 1.3.3-3 Medium Vulnerable
References
https://source.android.com/security/bulletin/pixel/2021-06-01
https://github.com/xiph/flac/issues/243
https://android.googlesource.com/platform/external/flac/+/368eb3f5bec249a197c95a95583ff8153aa6a87f%5E%21/