PT-2007-7462 · Xiph.Org+2 · Liboggflac++-Dev+14
Published: 1970-01-01 · Updated: 2017-09-29 · CVE-2007-4619
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
libFLAC versions prior to 1.2.1
flac versions prior to 1.2.1-r1
libflac-dev (affected versions not specified)
liboggflac-dev (affected versions not specified)
libflac6 (affected versions not specified)
liboggflac++-dev (affected versions not specified)
flac-devel-1.1.0 (affected versions not specified)
libflac++5 (affected versions not specified)
libflac++-dev (affected versions not specified)
liboggflac1 (affected versions not specified)
liboggflac3 (affected versions not specified)
libflac++4 (affected versions not specified)
liboggflac++0c102 (affected versions not specified)
libflac7 (affected versions not specified)
liboggflac++2 (affected versions not specified)
flac-1.1.0 (affected versions not specified)
flac-devel-1.1.2 (affected versions not specified)
libflac-doc (affected versions not specified)
xmms-flac (affected versions not specified)
flac-1.1.2 (affected versions not specified)
Description
Multiple integer overflows in the Free Lossless Audio Codec (FLAC) library allow remote attackers to execute arbitrary code via a malformed FLAC file, which results in a heap-based buffer overflow. This can lead to a violation of the confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited remotely.
Recommendations
For libFLAC versions prior to 1.2.1, update to version 1.2.1 or later.
For flac versions prior to 1.2.1-r1, update to version 1.2.1-r1 or later.
For the other affected versions, there is currently no information about a newer version that contains a fix for this vulnerability.
Affected Products
Red Hat
Flac
Flac-Devel
Libflac
Libflac-Dev
Libflac++4
Libflac++5
Libflac6
Libflac7
Liboggflac++-Dev
Liboggflac++0C102
Liboggflac++2
Liboggflac1
Liboggflac3
Xmms-Flac