Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2007-4619
Last Modified 07 Mar 2011 09:58:53
Published 12 Oct 2007 05:17:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4619

Summary

Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.

Vulnerable Systems

Application

  • Libflac 1.2

  • Nullsoft Winamp 5.35


References

BID - 26042

CONFIRM - http://flac.sourceforge.net/changelog.html#flac_1_2_1

VUPEN - ADV-2007-4061

VUPEN - ADV-2007-3484

VUPEN - ADV-2007-3483

IDEFENSE - 20071011 Multiple Vendor FLAC Library Multiple Integer Overflow Vulnerabilities

FEDORA - FEDORA-2007-2596

CONFIRM - https://issues.rpath.com/browse/RPL-1873

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=332571

XF - flac-media-files-bo(37187)

UBUNTU - USN-540-1

REDHAT - RHSA-2007:0975

MANDRIVA - MDKSA-2007:214

DEBIAN - DSA-1469

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243

SECTRACK - 1018815

GENTOO - GLSA-200711-15

SECUNIA - 28548

SECUNIA - 27878

SECUNIA - 27780

SECUNIA - 27628

SECUNIA - 27625

SECUNIA - 27601

SECUNIA - 27507

SECUNIA - 27399

SECUNIA - 27355

SECUNIA - 27223

SECUNIA - 27210

SUSE - SUSE-SR:2007:022

CONFIRM - http://bugzilla.redhat.com/show_bug.cgi?id=331991

Related Patches

Novell SUSE 2007:4569 flac security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 10:45:54