Lucene search
UbuntuUSN-540-1HistoryNov 13, 2007 - 12:00 a.m.
flac vulnerability
2007-11-1300:00:00
ubuntu.com
43
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.1
Confidence
Low
EPSS
0.467
Percentile
97.5%
Releases
- Ubuntu 7.10
- Ubuntu 7.04
- Ubuntu 6.10
- Ubuntu 6.06
Packages
- flac -
Details
Sean de Regge discovered that flac did not properly perform bounds
checking in many situations. An attacker could send a specially crafted
FLAC audio file and execute arbitrary code as the user or cause a denial
of service in flac or applications that link against flac.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 7.10 | noarch | libflac8 | < 1.1.4-3ubuntu1.1 | UNKNOWN |
| Ubuntu | 7.10 | noarch | flac | < 1.1.4-3ubuntu1.1 | UNKNOWN |
| Ubuntu | 7.10 | noarch | libflac++-dev | < 1.1.4-3ubuntu1.1 | UNKNOWN |
| Ubuntu | 7.10 | noarch | libflac++6 | < 1.1.4-3ubuntu1.1 | UNKNOWN |
| Ubuntu | 7.10 | noarch | libflac-dev | < 1.1.4-3ubuntu1.1 | UNKNOWN |
| Ubuntu | 7.04 | noarch | libflac7 | < 1.1.2-5ubuntu2.1 | UNKNOWN |
| Ubuntu | 7.04 | noarch | flac | < 1.1.2-5ubuntu2.1 | UNKNOWN |
| Ubuntu | 7.04 | noarch | libflac++-dev | < 1.1.2-5ubuntu2.1 | UNKNOWN |
| Ubuntu | 7.04 | noarch | libflac++5c2 | < 1.1.2-5ubuntu2.1 | UNKNOWN |
| Ubuntu | 7.04 | noarch | libflac-dev | < 1.1.2-5ubuntu2.1 | UNKNOWN |
References
Related
nessus
nessus
SuSE9 Security Update : flac (YOU Patch Number 11926)
2009-09-24 00:00:00
FreeBSD : flac -- media file processing integer overflow vulnerabilities (ff65eecb-91e4-11dc-bd6c-0016179b2dd5)
2007-11-14 00:00:00
Fedora Core 6 : flac-1.1.2-28 (2007-730)
2007-11-06 00:00:00
cert
cert
libFLAC contains multiple vulnerabilities
2007-11-15 00:00:00
securityvulns
securityvulns
prion
prion
Integer overflow
2007-10-12 21:17:00
Heap overflow
2007-12-07 11:46:00
openvas
openvas
FreeBSD Ports: flac
2008-09-04 00:00:00
Ubuntu Update for flac vulnerability USN-540-1
2009-03-23 00:00:00
Gentoo Security Advisory GLSA 200711-15 (flac)
2008-09-24 00:00:00
cvelist
cvelist
CVE-2007-4619
2007-10-12 21:00:00
CVE-2007-6277
2007-12-07 11:00:00
cve
cve
CVE-2007-4619
2007-10-12 21:17:00
CVE-2007-6277
2007-12-07 11:46:00
checkpoint_advisories
checkpoint_advisories
FLAC libFLAC Multiple Buffer Overflows (CVE-2007-4619)
2007-11-22 00:00:00
gentoo
gentoo
FLAC: Buffer overflow
2007-11-12 00:00:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: flac-1.1.2-28
2007-11-05 14:24:30
[SECURITY] Fedora 7 Update: flac-1.2.1-1.fc7
2007-11-01 21:22:33
ubuntucve
ubuntucve
debiancve
debiancve
CVE-2007-4619
2007-10-12 21:17:00
CVE-2007-6277
2007-12-07 11:46:00
freebsd
freebsd
flac -- media file processing integer overflow vulnerabilities
2007-10-11 00:00:00
nvd
nvd
CVE-2007-4619
2007-10-12 21:17:00
CVE-2007-6277
2007-12-07 11:46:00
oraclelinux
oraclelinux
Important: flac security update
2007-10-22 00:00:00
debian
debian
[SECURITY] [DSA 1469-1] New flac packages fix arbitrary code execution
2008-01-20 15:43:22
redhat
redhat
(RHSA-2007:0975) Important: flac security update
2007-10-22 00:00:00
centos
centos
flac, xmms security update
2007-10-22 19:52:23
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.1
Confidence
Low
EPSS
0.467
Percentile
97.5%
Related for USN-540-1