CVE-2025-14369

MEDIUM

dr_flac < 0.13.2 - Denial of Service via Integer Overflow in FLAC Metadata

Title source: llm

Description

dr_flac, an audio decoder within the dr_libs toolset, contains an integer overflow vulnerability flaw due to trusting the totalPCMFrameCount field from FLAC metadata before calculating buffer size, allowing an attacker with a specially crafted file to perform DoS against programs using the tool.

References (2)

Core 2

Core References

Patch

https://github.com/mackron/dr_libs/commit/b2197b2eb7bb609df76315bebf44db4ec2a1aed0

View Patch ZIP pw:eip

Third Party Advisory, US Government Resource

https://www.kb.cert.org/vuls/id/924114

Scores

CVSS v3 5.5

EPSS 0.0015

EPSS Percentile 4.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

Status published

Products (1)

mackron/dr_flac < 0.13.2

Published Jan 20, 2026

Tracked Since Feb 18, 2026