FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-3507

This CVE name corresponds to:

Entered Topic
2007-06-28 flac123 -- stack overflow in comment parsing

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-3507 at cve.mitre.org

Details

Type Candidate
Name CVE-2007-3507
Phase Assigned(20070702)

Description

Stack-based buffer overflow in the local__vcentry_parse_value function in vorbiscomment.c in flac123 (aka flac-tools or flac) before 0.0.10 allows user-assisted remote attackers to execute arbitrary code via a large comment value_length.

References

Source Reference
BUGTRAQ 20070629 flac123 0.0.9 - Stack overflow in comment parsing
MISC http://www.isecpartners.com/advisories/2007-002-flactools.txt
CONFIRM http://sourceforge.net/forum/forum.php?forum_id=710314
GENTOO GLSA-200709-06
BID 24712
OSVDB 40524
VUPEN ADV-2007-2420
SECUNIA 26827
SREASON 2854
XF flac123-vcentryparsevalue-bo(35175)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.