Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/flac@1.0.2-1
purl pkg:deb/debian/flac@1.0.2-1
Next non-vulnerable version 1.3.3-2+deb11u2
Latest non-vulnerable version 1.3.3-2+deb11u2
Risk 3.5
Vulnerabilities affecting this package (10)
Vulnerability Summary Fixed by
VCID-6gew-nczx-2bec
Aliases:
CVE-2020-0499
1.3.3-2+deb11u2
Affected by 0 other vulnerabilities.
VCID-74mn-9px8-n7ac
Aliases:
CVE-2017-6888
1.3.2-3+deb10u2
Affected by 3 other vulnerabilities.
VCID-9dcq-zh5q-13bu
Aliases:
CVE-2007-6278
Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file.
1.2.1-1.2
Affected by 6 other vulnerabilities.
VCID-gjmb-m7zy-1bbm
Aliases:
CVE-2007-6279
Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file.
1.2.1-1.2
Affected by 6 other vulnerabilities.
VCID-m1w3-xsq2-tbaq
Aliases:
CVE-2014-9028
security update
1.2.1-6+deb7u1
Affected by 6 other vulnerabilities.
1.3.0-3
Affected by 4 other vulnerabilities.
VCID-nce2-9man-cfc2
Aliases:
CVE-2007-4619
Multiple integer overflow vulnerabilities were found in FLAC possibly allowing for the execution of arbitrary code.
1.2.1-1.2
Affected by 6 other vulnerabilities.
VCID-vvj5-fg2q-cbcw
Aliases:
CVE-2007-6277
Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow. NOTE: some of these issues may overlap CVE-2007-4619.
1.2.1-1.2
Affected by 6 other vulnerabilities.
VCID-w7xw-5s2f-bbga
Aliases:
CVE-2020-22219
1.3.3-2+deb11u2
Affected by 0 other vulnerabilities.
VCID-wj5b-x81u-hqbn
Aliases:
CVE-2014-8962
security update
1.2.1-6+deb7u1
Affected by 6 other vulnerabilities.
1.3.0-3
Affected by 4 other vulnerabilities.
VCID-wssn-6p7h-juay
Aliases:
CVE-2021-0561
1.3.3-2+deb11u2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-13T12:45:52.210944+00:00 Debian Oval Importer Affected by VCID-vvj5-fg2q-cbcw https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T12:18:37.294617+00:00 Debian Oval Importer Affected by VCID-gjmb-m7zy-1bbm https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T11:31:50.526763+00:00 Debian Oval Importer Affected by VCID-wj5b-x81u-hqbn https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T11:10:56.957435+00:00 Debian Oval Importer Affected by VCID-74mn-9px8-n7ac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T10:35:06.785209+00:00 Debian Oval Importer Affected by VCID-wssn-6p7h-juay https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T08:54:02.776314+00:00 Debian Oval Importer Affected by VCID-m1w3-xsq2-tbaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T06:55:06.097218+00:00 Debian Oval Importer Affected by VCID-w7xw-5s2f-bbga https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T04:38:24.738113+00:00 Debian Oval Importer Affected by VCID-6gew-nczx-2bec https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T03:35:27.592496+00:00 Debian Oval Importer Affected by VCID-nce2-9man-cfc2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-13T03:16:44.688552+00:00 Debian Oval Importer Affected by VCID-9dcq-zh5q-13bu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-12T23:32:21.095099+00:00 Debian Oval Importer Affected by VCID-wj5b-x81u-hqbn https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 38.6.0
2026-06-12T23:23:32.550451+00:00 Debian Oval Importer Affected by VCID-m1w3-xsq2-tbaq https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 38.6.0