6 matches found
CVE-2007-4619
CVE-2007-4619 describes multiple heap/stack-based overflows in FLAC libFLAC before 1.2.1 that could allow remote code execution via malformed FLAC files. Public advisories confirm upgrades to FLAC 1.2.1 fix the issue (e.g., Debian DSA-1469-1, CentOS/RHEL advisories, Fedora updates). Affected prod...
CVE-2014-8962
CVE-2014-8962 is a stack-based buffer overflow in libFLAC’s stream_decoder.c (versions before 1.3.1 are affected) that allows remote code execution via a crafted .flac file. The related CVE-2014-9028 is a heap-based overflow in the same component. The public details reference versions up to 1.3.1 and show patches/up...
CVE-2014-9028
CVE-2014-9028 (libFLAC): A heap-based buffer overflow in stream_decoder.c of libFLAC prior to 1.3.1 allows remote attackers to execute arbitrary code by processing a specially crafted FLAC file. The issue is confirmed in multiple advisories: Android security bulletin’s libFLAC entry (CVE-2014-90...
CVE-2007-6277
The CVE-2007-6277 entry covers multiple heap- and stack-based overflow vulnerabilities in the FLAC library (libFLAC) prior to 1.2.1 that could allow remote code execution when processing specially crafted FLAC files. Connected advisories confirm concrete details: several overflow vectors (heap/st...
CVE-2007-6279
The vulnerability is in the Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, where multiple double-free flaws affect parsing .FLAC files. Specifically, malformed Seektable values or Seektable Data Offsets can allow user‑assisted remote attackers to execute arbitrary code. Practical impact i...
CVE-2007-6278
CVE-2007-6278 affects the FLAC library (libFLAC) prior to 1.2.1. A crafted .FLAC file can trigger the MIME-Type URL flag in the FLAC image block, allowing a user-assisted remote attacker to cause the client to download arbitrary files. The vulnerability stems from (unexplicit) handling of the ima...