dr_libs Integer Overflow Vulnerability in dr_flac Component Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in dr_flac, the FLAC decoder in the dr_libs collection of single-file audio libraries. The decoder trusts the totalPCMFrameCount value read from the FLAC STREAMINFO metadata block and uses it to compute the size of the decoded-sample buffer (frames times channels times bytes per sample) without checking that the multiplication can overflow. An attacker can therefore craft a FLAC file whose declared frame count drives that calculation to a wrapped or enormous value, so that the decoder attempts an excessive allocation and the program embedding dr_flac crashes.
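As an added example (not dr_flac's code and not the patched commit), the block below parses the sizing fields out of a constructed STREAMINFO block, performs the unchecked frames * channels * bytes-per-sample multiplication the advisory describes, and sets an overflow-checked form beside it. The STREAMINFO bit layout is FLAC's own; the 2-byte output sample width, the 1 GiB allocation cap, the crafted frame count and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not dr_flac's code. FLAC's STREAMINFO block is 34 bytes;
 * bytes 10..17 hold a big-endian 64-bit word packed as
 *   sampleRate:20 | channels-1:3 | bitsPerSample-1:5 | totalSamples:36
 * and totalSamples is the field a decoder exposes as totalPCMFrameCount. */

#define STREAMINFO_LEN 34
#define TOTAL_FRAMES_MASK ((1ULL << 36) - 1)

typedef struct {
    uint32_t sampleRate;
    uint32_t channels;
    uint32_t bitsPerSample;
    uint64_t totalPCMFrameCount;
} streaminfo_t;

/* Parse only the STREAMINFO fields that matter for buffer sizing. */
static bool parse_streaminfo(const uint8_t *blk, size_t len, streaminfo_t *out)
{
    uint64_t v = 0;
    int i;
    if (len < STREAMINFO_LEN) return false;
    for (i = 0; i < 8; i++) v = (v << 8) | blk[10 + i];
    out->sampleRate         = (uint32_t)(v >> 44);
    out->channels           = (uint32_t)((v >> 41) & 0x7) + 1;
    out->bitsPerSample      = (uint32_t)((v >> 36) & 0x1F) + 1;
    out->totalPCMFrameCount = v & TOTAL_FRAMES_MASK;
    return true;
}

/* Constructed test vector: pack the fields into an otherwise-zero STREAMINFO block. */
static void build_streaminfo(uint8_t blk[STREAMINFO_LEN], uint32_t sampleRate,
                             uint32_t channels, uint32_t bps, uint64_t totalFrames)
{
    uint64_t v = ((uint64_t)sampleRate << 44) | ((uint64_t)(channels - 1) << 41) |
                 ((uint64_t)(bps - 1) << 36) | (totalFrames & TOTAL_FRAMES_MASK);
    int i;
    memset(blk, 0, STREAMINFO_LEN);
    for (i = 7; i >= 0; i--) { blk[10 + i] = (uint8_t)(v & 0xFF); v >>= 8; }
}

/* Vulnerable pattern: frames * channels * bytesPerSample with no overflow check,
 * done here in 32-bit arithmetic to show the wrap a 32-bit size_t would produce. */
static uint32_t unchecked_size32(const streaminfo_t *si, uint32_t bytesPerSample)
{
    return (uint32_t)si->totalPCMFrameCount * si->channels * bytesPerSample;
}

/* Hardened pattern: test each multiplication before performing it and cap the
 * result. maxBytes is a caller policy (assumed here); a 0 return means rejected. */
static uint64_t checked_size(const streaminfo_t *si, uint32_t bytesPerSample, uint64_t maxBytes)
{
    uint64_t n;
    if (si->channels == 0 || bytesPerSample == 0) return 0;
    if (si->totalPCMFrameCount > UINT64_MAX / si->channels) return 0;
    n = si->totalPCMFrameCount * si->channels;
    if (n > UINT64_MAX / bytesPerSample) return 0;
    n *= bytesPerSample;
    if (n > maxBytes || n > (uint64_t)SIZE_MAX) return 0;
    return n;
}

/* Crafted header (constructed): 44.1 kHz stereo, 16-bit, totalPCMFrameCount = 2^30 + 1.
 * For 2-byte output samples the true buffer size is 4 GiB + 4 bytes. */
static void crafted_header(streaminfo_t *si)
{
    uint8_t blk[STREAMINFO_LEN];
    build_streaminfo(blk, 44100, 2, 16, (1ULL << 30) + 1);
    parse_streaminfo(blk, sizeof blk, si);
}

static uint64_t crafted_parsed_frames(void)    { streaminfo_t si; crafted_header(&si); return si.totalPCMFrameCount; }
static uint32_t crafted_unchecked_size32(void) { streaminfo_t si; crafted_header(&si); return unchecked_size32(&si, 2); }
static uint64_t crafted_checked_size(uint64_t maxBytes) { streaminfo_t si; crafted_header(&si); return checked_size(&si, 2, maxBytes); }

int main(void)
{
    printf("declared frames   : %llu\n", (unsigned long long)crafted_parsed_frames());
    printf("unchecked 32-bit  : %u bytes (wrapped)\n", crafted_unchecked_size32());
    printf("checked, 1 GiB cap: %llu (0 = rejected)\n", (unsigned long long)crafted_checked_size(1ULL << 30));
    printf("checked, no cap   : %llu bytes\n", (unsigned long long)crafted_checked_size(UINT64_MAX));
    return 0;
}
```

The wrapped result is the dangerous one: a 32-bit build would allocate 4 bytes and then decode into it, while a 64-bit build would attempt a 4 GiB allocation that either fails or exhausts memory. The checked form rejects the file in both cases before any allocation happens, and the cap lets an embedding application bound what a single untrusted file may consume.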

Impact

Any program that decodes attacker-supplied FLAC files with an unpatched dr_flac can be crashed by a single crafted file, a denial-of-service condition. The reported impact is limited to denial of service.

Remediation

The vulnerability has been patched in commit b2197b2. Users should update to a version of dr_flac that includes that commit (or the latest release). Because dr_libs ships as single-header libraries that are copied into each consuming project, the embedded dr_flac.h must be replaced and the project rebuilt; updating the dr_libs checkout alone does not fix applications that vendor the header.

Added: Jan 20, 2026, 12:23 PM
Updated: Jan 20, 2026, 3:49 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          2.5
exploitability  5.9
remediation     0.0
relevance       2.2
threat          3.2
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.