Lucene search
GoogleOSV:DLA-99-1HistoryDec 05, 2014 - 12:00 a.m.
flac - security update
2014-12-0500:00:00
Google
osv.dev
6
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.571 Medium
EPSS
Percentile
97.2%
Michele Spagnuolo, of Google Security Team, and Miroslav Lichvar, of
Red Hat, discovered two issues in flac, a library handling Free
Lossless Audio Codec media: by providing a specially crafted FLAC
file, an attacker could execute arbitrary code.
- CVE-2014-8962
Heap-based buffer overflow in stream_decoder.c, allowing
remote attackers to execute arbitrary code via a specially
crafted .flac file. - CVE-2014-9028
Stack-based buffer overflow in stream_decoder.c, allowing
remote attackers to execute arbitrary code via a specially
crafted .flac file.
For Debian 6 Squeeze, these issues have been fixed in flac version 1.2.1-2+deb6u1
References
Related
veracode
veracode
Arbitrary Code Executionary
2019-05-02 05:12:58
Arbitrary Code Execution
2019-01-15 09:05:08
securityvulns
securityvulns
flac memory corruptions
2014-11-30 00:00:00
[USN-2426-1] FLAC vulnerabilities
2014-11-30 00:00:00
[oCERT 2014-008] libFLAC multiple issues
2014-11-30 00:00:00
openvas
openvas
Debian Security Advisory DSA 3082-1 (flac - security update)
2014-11-30 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:1663-1)
2021-04-19 00:00:00
Fedora Update for mingw-flac FEDORA-2014-16270
2014-12-14 00:00:00
centos
centos
flac security update
2015-03-31 23:41:43
fedora
fedora
[SECURITY] Fedora 21 Update: mingw-flac-1.3.1-1.fc21
2014-12-13 09:56:24
[SECURITY] Fedora 23 Update: flac-1.3.1-5.fc23
2015-08-18 05:26:05
[SECURITY] Fedora 19 Update: mingw-flac-1.3.1-1.fc19
2014-12-13 09:54:48
nessus
nessus
Ubuntu 14.04 LTS : FLAC vulnerabilities (USN-2426-1)
2014-11-28 00:00:00
Fedora 21 : flac-1.3.1-1.fc21 (2014-16175)
2014-12-15 00:00:00
f5
f5
K17301056 : libFLAC vulnerabilities CVE-2014-8962 and CVE-2014-9028
2017-07-19 00:00:00
oraclelinux
oraclelinux
flac security update
2015-03-31 00:00:00
freebsd
freebsd
flac -- Multiple vulnerabilities
2014-11-25 00:00:00
archlinux
archlinux
flac: arbitrary code execution
2014-11-26 00:00:00
osv
osv
flac - security update
2014-11-30 00:00:00
ibm
ibm
ubuntu
ubuntu
FLAC vulnerabilities
2014-11-27 00:00:00
amazon
amazon
Important: flac
2015-04-15 21:48:00
mageia
mageia
Updated flac packages fix security vulnerabilities
2014-11-29 23:18:26
debian
debian
[SECURITY] [DSA 3082-1] flac security update
2014-11-30 13:36:27
[SECURITY] [DLA 99-1] flac security update
2014-12-05 18:53:03
[SECURITY] [DSA 3082-1] flac security update
2014-11-30 13:36:27
redhat
redhat
(RHSA-2015:0767) Important: flac security update
2015-03-31 00:00:00
android
android
CVE-2014-9028
2015-10-01 00:00:00
prion
prion
Stack overflow
2014-11-26 15:59:00
Heap overflow
2014-11-26 15:59:00
cve
cve
CVE-2014-9028
2014-11-26 15:59:00
CVE-2014-8962
2014-11-26 15:59:00
debiancve
debiancve
CVE-2014-9028
2014-11-26 15:59:00
CVE-2014-8962
2014-11-26 15:59:00
ubuntucve
ubuntucve
CVE-2014-8962
2014-11-26 00:00:00
CVE-2014-9028
2014-11-26 00:00:00
gentoo
gentoo
FLAC: User-assisted execution of arbitrary code
2014-12-26 00:00:00
threatpost
threatpost
Popular Apps on Google Play Store Remain Unpatched
2019-11-21 12:05:58
androidsecurity
androidsecurity
Nexus Security Bulletin - October 2015
2015-10-05 00:00:00
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.571 Medium
EPSS
Percentile
97.2%
Related for OSV:DLA-99-1