851 matches found
CVE-2007-6277
The CVE-2007-6277 entry covers multiple heap- and stack-based overflow vulnerabilities in the FLAC library (libFLAC) prior to 1.2.1 that could allow remote code execution when processing specially crafted FLAC files. Connected advisories confirm concrete details: several overflow vectors (heap/st...
CVE-2007-6279
Multiple double free vulnerabilities in Free Lossless Audio Codec FLAC libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed 1 Seektable values or 2 Seektable Data Offsets in a .FLAC file...
CVE-2007-6278
CVE-2007-6278 affects the FLAC library (libFLAC) prior to 1.2.1. A crafted .FLAC file can trigger the MIME-Type URL flag in the FLAC image block, allowing a user-assisted remote attacker to cause the client to download arbitrary files. The vulnerability stems from (unexplicit) handling of the ima...
CVE-2007-6279
Multiple double free vulnerabilities in Free Lossless Audio Codec FLAC libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed 1 Seektable values or 2 Seektable Data Offsets in a .FLAC file...
CVE-2007-6278
Free Lossless Audio Codec FLAC libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag -- for the FLAC image file in a crafted .FLAC file...
CVE-2007-6278
Free Lossless Audio Codec FLAC libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag -- for the FLAC image file in a crafted .FLAC file...
CVE-2007-6277
Multiple buffer overflows in Free Lossless Audio Codec FLAC libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large 1 Metadata Block Size, 2 VORBIS Comment String Size, 3 Picture Metadata MIME-TYPE Size, 4 Picture Description Size, 5 Picture Data Length, 6...
FLAC libFLAC Multiple Buffer Overflows (CVE-2007-4619)
Free Lossless Audio Codec FLAC is a file format designed for audio data compression. LibFLAC is the FLAC project library embedded in various products. A buffer overflow vulnerability has been reported in the FLAC. A remote attacker can exploit this vulnerability via a specially crafted FLAC file...
libFLAC / WinAMP multiple security vulnerabilities
14 different vulnerabilities exist on FLAC media format files parsing...
EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications
Multiple Vulnerabilities In .FLAC File Format and Various Media Applications Release Date: November 15, 2007 Date Reported: September 28, 2007 Vendor Reporting Coordination Began With US-CERT Severity: High Remote Code Execution Vendor: Multiple Vendors Systems Affected: Applications with FLAC...
libFLAC contains multiple vulnerabilities
Overview libFLAC contains multiple vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description FLAC Free Lossless Audio Codec is a lossless audio format. libFLAC is a library that can process FLAC files. libFLAC contains multip...
FreeBSD : flac -- media file processing integer overflow vulnerabilities (ff65eecb-91e4-11dc-bd6c-0016179b2dd5)
iDefense Laps reports : Remote exploitation of multiple integer overflow vulnerabilities in libFLAC, as included with various vendor's software distributions, allows attackers to execute arbitrary code in the context of the currently logged in user. These vulnerabilities specifically exist in the...
GLSA-200711-15 : FLAC: Buffer overflow
The remote host is affected by the vulnerability described in GLSA-200711-15 FLAC: Buffer overflow Sean de Regge reported multiple integer overflows when processing FLAC media files that could lead to improper memory allocations resulting in heap-based buffer overflows. Impact : A remote attacker...
Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : flac vulnerability (USN-540-1)
Sean de Regge discovered that flac did not properly perform bounds checking in many situations. An attacker could send a specially crafted FLAC audio file and execute arbitrary code as the user or cause a denial of service in flac or applications that link against flac. Note that Tenable Network...
USN-540-1: flac vulnerability
Sean de Regge discovered that flac did not properly perform bounds checking in many situations. An attacker could send a specially crafted FLAC audio file and execute arbitrary code as the user or cause a denial of service in flac or applications that link against flac...
FLAC: Buffer overflow
Background The Xiph.org Free Lossless Audio Codec FLAC library is the reference implementation of the FLAC audio file format. It contains encoders and decoders in library and executable form. Description Sean de Regge reported multiple integer overflows when processing FLAC media files that could...
Ubuntu 6.06 LTS / 6.10 / 7.04 : libsndfile vulnerability (USN-525-1)
Robert Buchholz discovered that libsndfile did not correctly validate the size of its memory buffers. If a user were tricked into playing a specially crafted FLAC file, a remote attacker could execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the...
Mandrake Linux Security Advisory : flac (MDKSA-2007:214)
A security vulnerability was discovered in how flac processed audio data. An attacker could create a carefully crafted FLAC audio file that could cause an application linked against the flac libraries to crash or execute arbitrary code when opened. Updated packages have been patched to prevent th...
Fedora 7 : flac-1.2.1-1.fc7 (2007-2596)
Wed Oct 17 2007 - Bastien Nocera - 1.2.1-1 - Update to 1.2.1 to fix CVE-2007-4619 332571 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...
Fedora Core 6 : flac-1.1.2-28 (2007-730)
Wed Oct 17 2007 - Bastien Nocera - 1.1.2-28 - Add patch from Takashi Iwai to fix CVE-2007-4619 332581 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...