CVE-2007-4619

2007-10-1200:00:00

ubuntu.com

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.467

Percentile

97.5%

JSON

Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC
before 1.2.1, as used in Winamp before 5.5 and other products, allow
user-assisted remote attackers to execute arbitrary code via a malformed
FLAC file that triggers improper memory allocation, resulting in a
heap-based buffer overflow.

Notes

Author	Note
jdstrand	fixed in RedHat flac-1.1.2-28.el5_0.1.src.rpm preliminary analysis shows that xine-lib is probably not affected (only 1 call to realloc and 4 calls to xine_xmalloc). The code is quite different, so need to dive in more. requested reproducer on vendor-sec (they said no, but there is a good test suite) Debian 1.2.1-1 in unstable is not affected

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchflac< 1.1.2-3ubuntu1.1UNKNOWN
ubuntu6.10noarchflac< 1.1.2-5ubuntu1.1UNKNOWN
ubuntu7.04noarchflac< 1.1.2-5ubuntu2.1UNKNOWN
ubuntu7.10noarchflac< 1.1.4-3ubuntu1.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	flac	< 1.1.2-3ubuntu1.1	UNKNOWN
ubuntu	6.10	noarch	flac	< 1.1.2-5ubuntu1.1	UNKNOWN
ubuntu	7.04	noarch	flac	< 1.1.2-5ubuntu2.1	UNKNOWN
ubuntu	7.10	noarch	flac	< 1.1.4-3ubuntu1.1	UNKNOWN