PT-2007-7463 · Xiph.Org+2 · Liboggflac++-Dev+15
Published
1970-01-01
·
Updated
2018-10-15
·
CVE-2007-6277
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
libFLAC before 1.2.1
flac-devel-1.1.0
flac-devel-1.1.2
flac-1.1.0
flac-1.1.2
libflac-dev
libflac6
liboggflac-dev
liboggflac++-dev
libflac++5
libflac++4
libflac7
liboggflac1
liboggflac3
liboggflac++0c102
liboggflac++2
libflac-doc
xmms-flac
Description
The issue covers multiple vulnerabilities in the Free Lossless Audio Codec (FLAC) that can lead to the execution of arbitrary code via large values in a .FLAC file, resulting in heap-based and stack-based buffer overflows. These vulnerabilities can be exploited remotely, potentially compromising the confidentiality, integrity, and availability of protected information.
Recommendations
For libFLAC before 1.2.1, update to version 1.2.1 or later.
For flac-devel-1.1.0, flac-devel-1.1.2, flac-1.1.0, and flac-1.1.2, update to a version that includes the fix for these vulnerabilities.
For libflac-dev, libflac6, liboggflac-dev, liboggflac++-dev, libflac++5, libflac++4, libflac7, liboggflac1, liboggflac3, liboggflac++0c102, liboggflac++2, libflac-doc, and xmms-flac, consider disabling the use of these packages until a patch is available.
As a temporary workaround, avoid using large values in .FLAC files to minimize the risk of exploitation.
Fix
Buffer Overflow
Related identifiers
Affected products
Red Hat
Flac
Flac-Devel
Libflac
Libflac++4
Libflac++5
Libflac-Dev
Libflac-Doc
Libflac6
Libflac7
Liboggflac++-Dev
Liboggflac++0C102
Liboggflac++2
Liboggflac1
Liboggflac3
Xmms-Flac