PT-2014-1934 · Xiph.Org+4 · Flac+4

Published

2014-11-26

·

Updated

2024-06-15

·

CVE-2014-8962

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions flac versions prior to 1.3.1
Description The issue is related to a stack-based buffer overflow in the stream decoder.c file of the libFLAC library. This can be exploited by remote attackers through a crafted .flac file, potentially leading to the execution of arbitrary code and compromising the confidentiality, integrity, and availability of protected information.
Recommendations For versions prior to 1.3.1, update to version 1.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to .flac files from untrusted sources to minimize the risk of exploitation.

Fix

RCE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

BDU:2015-09798
CESA-2015_0767
CVE-2014-8962
DLA-99-1
DSA-3082-1
MGASA-2014-0499
OPENSUSE-SU-2024:10130-1
RHSA-2015:0767
RHSA-2015_0767
SUSE-SU-2014_1577-1
SUSE-SU-2014_1663-1
USN-2426-1

Affected Products

Centos
Red Hat
Suse
Ubuntu
Flac