Register | Log in

libchdr

Choose email to subscribe with

general

source: libchdr (main)
version: 0.3.0+dfsg-1
maintainer: Debian Games Team (archive) (DMD)
uploaders: Alexandre Detiste [DMD]
arch: any
std-ver: 4.7.4
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

stable: 0.0~git20240929.aaca599+dfsg-1
testing: 0.3.0+dfsg-1
unstable: 0.3.0+dfsg-1

versioned links

0.0~git20240929.aaca599+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.3.0+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libchdr-dev
libchdr0

action needed

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2026-32836: dr_libs dr_flac.h version 0.13.3 and earlier (fixed in commits fefced4, 4f5a4cd, and 663239a) contain an uncontrolled memory allocation vulnerability in drflac__read_and_decode_metadata() that allows attackers to trigger excessive memory allocation by supplying crafted PICTURE metadata blocks. Attackers can exploit attacker-controlled mimeLength and descriptionLength fields to cause denial of service through memory exhaustion when processing FLAC streams with metadata callbacks.

Created: 2026-06-11 Last update: 2026-06-13 02:00

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2026-32836: dr_libs dr_flac.h version 0.13.3 and earlier (fixed in commits fefced4, 4f5a4cd, and 663239a) contain an uncontrolled memory allocation vulnerability in drflac__read_and_decode_metadata() that allows attackers to trigger excessive memory allocation by supplying crafted PICTURE metadata blocks. Attackers can exploit attacker-controlled mimeLength and descriptionLength fields to cause denial of service through memory exhaustion when processing FLAC streams with metadata callbacks.

Created: 2026-06-11 Last update: 2026-06-13 02:00

debian/patches: 1 patch with invalid metadata high

Among the 1 debian patch available in version 0.3.0+dfsg-1 of the package, we noticed the following issues:

1 patch with invalid metadata that ought to be fixed.

Created: 2026-02-01 Last update: 2026-05-13 20:02

2 low-priority security issues in trixie low

There are 2 open security issues in trixie.

2 issues left for the package maintainer to handle:

CVE-2025-14369: (needs triaging) dr_flac, an audio decoder within the dr_libs toolset, contains an integer overflow vulnerability flaw due to trusting the totalPCMFrameCount field from FLAC metadata before calculating buffer size, allowing an attacker with a specially crafted file to perform DoS against programs using the tool.
CVE-2026-32836: (needs triaging) dr_libs dr_flac.h version 0.13.3 and earlier (fixed in commits fefced4, 4f5a4cd, and 663239a) contain an uncontrolled memory allocation vulnerability in drflac__read_and_decode_metadata() that allows attackers to trigger excessive memory allocation by supplying crafted PICTURE metadata blocks. Attackers can exploit attacker-controlled mimeLength and descriptionLength fields to cause denial of service through memory exhaustion when processing FLAC streams with metadata callbacks.

You can find information about how to handle these issues in the security team's documentation.

Created: 2026-01-23 Last update: 2026-06-13 02:00

news

[2026-05-19] libchdr 0.3.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2026-05-13] Accepted libchdr 0.3.0+dfsg-1 (source) into unstable (Sébastien Noel)
[2026-05-09] libchdr 0.0~git20250608.8bba774+dfsg-3 MIGRATED to testing (Debian testing watch)
[2026-05-03] Accepted libchdr 0.0~git20250608.8bba774+dfsg-3 (source) into unstable (Alexandre Detiste)
[2026-02-06] libchdr 0.0~git20250608.8bba774+dfsg-2 MIGRATED to testing (Debian testing watch)
[2026-01-31] Accepted libchdr 0.0~git20250608.8bba774+dfsg-2 (source) into unstable (Sébastien Noel)
[2025-10-04] libchdr 0.0~git20250608.8bba774+dfsg-1 MIGRATED to testing (Debian testing watch)
[2025-09-27] Accepted libchdr 0.0~git20250608.8bba774+dfsg-1 (source) into unstable (Sébastien Noel)
[2024-10-28] libchdr 0.0~git20240929.aaca599+dfsg-1 MIGRATED to testing (Debian testing watch)
[2024-10-23] Accepted libchdr 0.0~git20240929.aaca599+dfsg-1 (source) into unstable (Alexandre Detiste)
[2024-06-10] libchdr 0.0~git20230918.9108f34+dfsg-3 MIGRATED to testing (Debian testing watch)
[2024-06-05] libchdr REMOVED from testing (Debian testing watch)
[2024-06-04] Accepted libchdr 0.0~git20230918.9108f34+dfsg-3 (source) into unstable (Alexandre Detiste)
[2024-01-16] libchdr 0.0~git20230918.9108f34+dfsg-2 MIGRATED to testing (Debian testing watch)
[2024-01-06] Accepted libchdr 0.0~git20230918.9108f34+dfsg-2 (source amd64) into unstable (Debian FTP Masters) (signed by: Alexandre Detiste)

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.3.0+dfsg-1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing