FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-4619

This CVE name corresponds to:

Entered Topic
2007-11-13 flac -- media file processing integer overflow vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-4619 at cve.mitre.org

Details

Type Candidate
Name CVE-2007-4619
Phase Assigned(20070830)

Description

Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.

References

Source Reference
IDEFENSE 20071011 Multiple Vendor FLAC Library Multiple Integer Overflow Vulnerabilities
CONFIRM http://flac.sourceforge.net/changelog.html#flac_1_2_1
CONFIRM http://bugzilla.redhat.com/show_bug.cgi?id=331991
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=332571
CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243
CONFIRM https://issues.rpath.com/browse/RPL-1873
DEBIAN DSA-1469
FEDORA FEDORA-2007-2596
GENTOO GLSA-200711-15
MANDRIVA MDKSA-2007:214
REDHAT RHSA-2007:0975
SUSE SUSE-SR:2007:022
UBUNTU USN-540-1
BID 26042
OVAL oval:org.mitre.oval:def:10571
VUPEN ADV-2007-3483
VUPEN ADV-2007-3484
VUPEN ADV-2007-4061
SECTRACK 1018815
SECUNIA 27210
SECUNIA 27223
SECUNIA 27355
SECUNIA 27507
SECUNIA 27625
SECUNIA 27601
SECUNIA 27628
SECUNIA 27780
SECUNIA 27399
SECUNIA 27878
SECUNIA 28548
XF flac-media-files-bo(37187)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.