[flac-dev] Two new CVEs against FLAC
Erik de Castro Lopo
mle+la at mega-nerd.com
Tue Dec 9 23:35:30 PST 2014
Janne Hyvärinen wrote:
> This patch breaks seeking in some perfectly valid files. So far I have
> received one sample full CD image from a foobar2000 user where a track
> is rendered inaccessible because of this. Re-encoding the file with FLAC
> 1.2.1 - 1.3.1 with identical settings doesn't remove the seeking problem.
> Either this patch needs to go or it needs to be altered to not prevent
> seek sync.
I think I have an alternative fix for the CVE which should not break
seeking. I'm working on getting an copy of the file with which to test.
Cheers,
Erik
--
----------------------------------------------------------------------
Erik de Castro Lopo
http://www.mega-nerd.com/
More information about the flac-dev
mailing list