Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4974

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-4974
Last Modified 18 Oct 2011 12:00:00
Published 19 Sep 2007 01:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4974

Summary

Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size.

Vulnerable Systems

Application

  • Mega-nerd Libsndfile 0.0.28

  • Mega-nerd Libsndfile 0.0.8

  • Mega-nerd Libsndfile 1.0.0

  • Mega-nerd Libsndfile 1.0.1

  • Mega-nerd Libsndfile 1.0.10

  • Mega-nerd Libsndfile 1.0.11

  • Mega-nerd Libsndfile 1.0.12

  • Mega-nerd Libsndfile 1.0.13

  • Mega-nerd Libsndfile 1.0.14

  • Mega-nerd Libsndfile 1.0.15

  • Mega-nerd Libsndfile 1.0.16

  • Mega-nerd Libsndfile 1.0.17


References

FEDORA - FEDORA-2007-2236

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=296221

CONFIRM - https://bugs.gentoo.org/show_bug.cgi?id=192834

VUPEN - ADV-2007-3241

UBUNTU - USN-525-1

BID - 25758

MANDRIVA - MDKSA-2007:191

DEBIAN - DSA-1442

GENTOO - GLSA-200710-04

SECUNIA - 28412

SECUNIA - 28265

SECUNIA - 27100

SECUNIA - 27071

SECUNIA - 27018

SECUNIA - 26932

SECUNIA - 26921

SUSE - SUSE-SR:2008:001

Related Patches

Novell SUSE 2007:4431 libsndfile security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 10:46:02