MiracleLinux 4 : flac-1.2.1-7.AXS4 (AXSA:2015-100:01)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2015-100:01 advisory. Description: The flac packages contain a decoder and an encoder for the FLAC Free Lossless Audio Codec audio file format. Security issues fixed with...

EUVD-2016-3511

Malware in sbrugna...

EUVD-2007-6246

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2016-2429

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libFLAC/streamdecoder.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not prevent free...

RHEL 5 : flac (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - flac: Heap buffer write overflow in readresidualpartitionedrice CVE-2014-9028 - Stack-based buffer overfl...

K17301056: libFLAC vulnerabilities CVE-2014-8962 and CVE-2014-9028

Security Advisory Description CVE-2014-8962 Stack-based buffer overflow in streamdecoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. CVE-2014-9028 Heap-based buffer overflow in streamdecoder.c in libFLAC before 1.3.1 allows remote attacker...

SUSE CVE-2014-9028

Heap-based buffer overflow in streamdecoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file...

flac: out of bound write in append_to_verify_fifo_interleaved_ of stream_encoder.c

An out-of-bounds write vulnerability was found in libFlak. The vulnerability occurs due to a missing bounds check. This flaw allows a local attacker without additional execution privileges to cause local information disclosure...

Ubuntu: Security Advisory (USN-2426-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2014-0499)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2017-6888

An error in the "readmetadatavorbiscomment" function src/libFLAC/streamdecoder.c in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file...

Updated libextractor packages fix security vulnerabilities

In 'EXTRACTORwavextractmethod' function of wavextractor.c, the program does not check the value of samplerate, with a crafted file, the samplerate can be set to zero, resulting in a divide by zero and a crash CVE-2017-15266. NULL Pointer Dereference vulnerability in libextract when getting flac...

VideoLAN VLC Denial of Service Vulnerability (CNVD-2017-10161)

VideoLAN VLC media player is a free, open source cross-platform multimedia player also a multimedia framework developed by the French organization VideoLAN. The product supports playback of a variety of media files, CD-ROMs, etc., a variety of audio and video formats WMV, MP3, etc. and so on. A...

CVE-2016-2429

libFLAC/streamdecoder.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not prevent free operations on uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service heap memory corrupti...

Memory corruption

libFLAC/streamdecoder.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not prevent free operations on uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service heap memory corrupti...

CVE-2016-2429

libFLAC/streamdecoder.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not prevent free operations on uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service heap memory corrupti...

UBUNTU-CVE-2016-2429

libFLAC/streamdecoder.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not prevent free operations on uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service heap memory corrupti...

CVE-2016-2429

CVE-2016-2429 affects libFLAC/stream_decoder.c in mediaserver on Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01. Root cause: free operations on uninitialized memory in mediaserver’s decoder path. Impact: remote code execution or denial of service via a...

CVE-2016-2429

libFLAC/streamdecoder.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not prevent free operations on uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service heap memory corrupti...

Google Patches Stagefright 2.0 in Android OTA Nexus Update

Google today patched the latest round of Stagefright vulnerabilities in Android, pushing them out as part of its latest over-the-air update to Nexus devices. Stagefright 2.0, as it’s come to be known, affected the Stagefright media playback engine in Android and one billion devices dating back to...