CVE-2007-4974

2007-09-1917:17:00

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.371

Percentile

97.2%

JSON

Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size.

OSVersionArchitecturePackageVersionFilename
Debian12allardour< 1:2.1-1.1ardour_1:2.1-1.1_all.deb
Debian11allardour< 1:2.1-1.1ardour_1:2.1-1.1_all.deb
Debian999allardour< 1:2.1-1.1ardour_1:2.1-1.1_all.deb
Debian12alllibsndfile< 1.0.17-4libsndfile_1.0.17-4_all.deb
Debian11alllibsndfile< 1.0.17-4libsndfile_1.0.17-4_all.deb
Debian999alllibsndfile< 1.0.17-4libsndfile_1.0.17-4_all.deb
Debian13alllibsndfile< 1.0.17-4libsndfile_1.0.17-4_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	ardour	< 1:2.1-1.1	ardour_1:2.1-1.1_all.deb
Debian	11	all	ardour	< 1:2.1-1.1	ardour_1:2.1-1.1_all.deb
Debian	999	all	ardour	< 1:2.1-1.1	ardour_1:2.1-1.1_all.deb
Debian	12	all	libsndfile	< 1.0.17-4	libsndfile_1.0.17-4_all.deb
Debian	11	all	libsndfile	< 1.0.17-4	libsndfile_1.0.17-4_all.deb
Debian	999	all	libsndfile	< 1.0.17-4	libsndfile_1.0.17-4_all.deb
Debian	13	all	libsndfile	< 1.0.17-4	libsndfile_1.0.17-4_all.deb