Description

dr_flac, an audio decoder within the dr_libs toolset, contains an integer overflow vulnerability: it trusts the totalPCMFrameCount field from FLAC metadata before calculating buffer size, allowing an attacker with a specially crafted file to cause a denial of service (DoS) in programs using the tool.

PUBLISHED Reserved 2025-12-09 | Published 2026-01-20 | Updated 2026-01-20 | Assigner certcc

Problem types

CWE-190: Integer Overflow or Wraparound

Product status

Any version: affected

References

www.kb.cert.org/vuls/id/924114

github.com/...ommit/b2197b2eb7bb609df76315bebf44db4ec2a1aed0

cve.org (CVE-2025-14369)

nvd.nist.gov (CVE-2025-14369)
