CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
97.2%
libsndfile is a library for reading and writing various formats of audio files including WAV and FLAC.
Robert Buchholz of the Gentoo Security team discovered that the flac_buffer_copy() function does not correctly handle FLAC streams with variable block sizes which leads to a heap-based buffer overflow (CVE-2007-4974).
A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted FLAC file or network stream with an application using libsndfile. This might lead to the execution of arbitrary code with privileges of the user playing the file.
There is no known workaround at this time.
All libsndfile users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libsndfile-1.0.17-r1"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | media-libs/libsndfile | < 1.0.17-r1 | UNKNOWN |