PT-2007-1354 · Aqualung · Aqualung

Luigi Auriemma · Published 2007-02-27 · Updated 2017-07-29 · CVE-2006-7075

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Aqualung versions 0.9beta5 and earlier
Aqualung CVS versions 0.193.2 and earlier

Description

The issue is related to a buffer overflow in the meta_read_flac function in meta_decoder.c. This allows user-assisted attackers to execute arbitrary code via a long Vorbis comment in a Free Lossless Audio Codec (FLAC) file.

Recommendations

For Aqualung versions 0.9beta5 and earlier, consider avoiding the use of FLAC files with long Vorbis comments until a fix is available. For Aqualung CVS versions 0.193.2 and earlier, restrict the processing of FLAC files to minimize the risk of exploitation. As a temporary workaround, consider disabling the meta_read_flac function in meta_decoder.c until a patch is available.
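
To act on the recommendation about long Vorbis comments, files can be triaged before they reach the player. The following is an added example, not Aqualung code or part of the original advisory: it walks the FLAC metadata blocks and reports comment lengths above a limit. The 256-byte threshold, the function names and the sample bytes are assumptions made for illustration; the advisory does not state the size of the affected buffer.

```python
import struct

VORBIS_COMMENT = 4      # FLAC metadata block type carrying Vorbis comments
MAX_COMMENT_LEN = 256   # assumed triage threshold, not a value from the advisory

def _u32le(buf, off):
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    return struct.unpack_from("<I", buf, off)[0], off + 4

def _comment_lengths(body):
    vendor_len, off = _u32le(body, 0)
    count, off = _u32le(body, off + vendor_len)
    out = []
    for _ in range(count):
        n, off = _u32le(body, off)
        if off + n > len(body):
            raise ValueError("comment length exceeds block size")
        out.append(n)
        off += n
    return out

def vorbis_comment_lengths(data):
    """Declared length of every Vorbis comment in a FLAC byte string."""
    if data[:4] != b"fLaC":
        raise ValueError("not a FLAC stream")
    pos, lengths, last = 4, [], False
    while not last:
        if pos + 4 > len(data):
            raise ValueError("truncated metadata block header")
        last, block_type = bool(data[pos] & 0x80), data[pos] & 0x7F
        size = int.from_bytes(data[pos + 1:pos + 4], "big")
        body = data[pos + 4:pos + 4 + size]
        if len(body) != size:
            raise ValueError("metadata block runs past end of file")
        if block_type == VORBIS_COMMENT:
            lengths += _comment_lengths(body)
        pos += 4 + size
    return lengths

def oversized_comments(data, limit=MAX_COMMENT_LEN):
    return [n for n in vorbis_comment_lengths(data) if n > limit]

def _block(block_type, body, last=False):   # helper for the constructed sample
    return bytes([block_type | (0x80 if last else 0)]) + len(body).to_bytes(3, "big") + body

# Constructed sample: STREAMINFO (zeroed) plus one short and one long comment.
_tags = [b"TITLE=demo", b"COMMENT=" + b"x" * 600]
_vc = struct.pack("<I", 4) + b"demo" + struct.pack("<I", len(_tags)) + b"".join(
    struct.pack("<I", len(t)) + t for t in _tags)
SAMPLE = b"fLaC" + _block(0, bytes(34)) + _block(VORBIS_COMMENT, _vc, last=True)
```

A file whose declared lengths do not fit inside the metadata block raises ValueError, which a triage script should treat as a reason to quarantine the file rather than skip the check.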

Related Identifiers

CVE-2006-7075

Affected Products

Aqualung