PT-2007-7462 · Xiph.Org+2 · Liboggflac++-Dev+14
Published 1970-01-01 · Updated 2017-09-29 · CVE-2007-4619
CVSS v2.0: 9.3 (High)
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
libFLAC versions prior to 1.2.1
flac versions prior to 1.2.1-r1
libflac-dev (affected versions not specified)
liboggflac-dev (affected versions not specified)
libflac6 (affected versions not specified)
liboggflac++-dev (affected versions not specified)
flac-devel-1.1.0 (affected versions not specified)
libflac++5 (affected versions not specified)
libflac++-dev (affected versions not specified)
liboggflac1 (affected versions not specified)
liboggflac3 (affected versions not specified)
libflac++4 (affected versions not specified)
liboggflac++0c102 (affected versions not specified)
libflac7 (affected versions not specified)
liboggflac++2 (affected versions not specified)
flac-1.1.0 (affected versions not specified)
flac-devel-1.1.2 (affected versions not specified)
libflac-doc (affected versions not specified)
xmms-flac (affected versions not specified)
flac-1.1.2 (affected versions not specified)
Description
Multiple integer overflows in the Free Lossless Audio Codec (FLAC) library allow remote attackers to execute arbitrary code via a malformed FLAC file that triggers a heap-based buffer overflow. This can lead to a violation of the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely.
Recommendations
For libFLAC versions prior to 1.2.1, update to version 1.2.1 or later.
For flac versions prior to 1.2.1-r1, update to version 1.2.1-r1 or later.
For other affected versions, there is currently no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat
Flac
Flac-Devel
Libflac
Libflac-Dev
Libflac++4
Libflac++5
Libflac6
Libflac7
Liboggflac++-Dev
Liboggflac++0C102
Liboggflac++2
Liboggflac1
Liboggflac3
Xmms-Flac