CVE-2024-41147

NameCVE-2024-41147
DescriptionAn out-of-bounds write vulnerability exists in the ma_dr_flac__decode_samples__lpc functionality of Miniaudio miniaudio v0.11.21. A specially crafted .flac file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1099609

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
miniaudio (PTS)sid, trixie0.11.21+dfsg-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
miniaudiosource(unstable)(unfixed)1099609

Notes

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2063
Search for package or bug name: Reporting problems