FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

flac -- media file processing integer overflow vulnerabilities

Affected packages
flac < 1.1.2_2

Details

VuXML ID ff65eecb-91e4-11dc-bd6c-0016179b2dd5
Discovery 2007-10-11
Entry 2007-11-13

iDefense Laps reports:

Remote exploitation of multiple integer overflow vulnerabilities in libFLAC, as included with various vendor's software distributions, allows attackers to execute arbitrary code in the context of the currently logged in user.

These vulnerabilities specifically exist in the handling of malformed FLAC media files. In each case, an integer overflow can occur while calculating the amount of memory to allocate. As such, insufficient memory is allocated for the data that is subsequently read in from the file, and a heap based buffer overflow occurs.

References

CVE Name CVE-2007-4619
URL http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608
URL http://secunia.com/advisories/27210/