[flac-dev] Two new CVEs against FLAC

Erik de Castro Lopo mle+la at mega-nerd.com
Tue Dec 9 23:35:30 PST 2014

Janne Hyvärinen wrote:

> This patch breaks seeking in some perfectly valid files. So far I have 
> received one sample full CD image from a foobar2000 user where a track 
> is rendered inaccessible because of this. Re-encoding the file with FLAC 
> 1.2.1 - 1.3.1 with identical settings doesn't remove the seeking problem.
> Either this patch needs to go or it needs to be altered to not prevent 
> seek sync.

I think I have an alternative fix for the CVE which should not break
seeking. I'm working on getting a copy of the file with which to test.

Erik de Castro Lopo
