Launchpad.net

CVE 2007-4619

Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.

Related bugs and status

CVE-2007-4619 (Candidate) is related to these bugs:

Bug #163973: libflac has multiple security vulnerabilities

Summary				In	Importance	Status
	163973	libflac has multiple security vulnerabilities		flac (Ubuntu)	Undecided	Fix Released

Bug #185026: [flac] [CVE-2007-6277] multiple buffer overflows

Summary				In	Importance	Status
	185026	[flac] [CVE-2007-6277] multiple buffer overflows		flac (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

IDEFENSE: 20071011 Multiple Vend...
CONFIRM: http://flac.sourceforg...
BID: 26042
SECUNIA: 27210
SECUNIA: 27223
SECTRACK: 1018815
CONFIRM: http://bugzilla.redhat...
REDHAT: RHSA-2007:0975
SECUNIA: 27355
CONFIRM: https://bugzilla.redha...
FEDORA: FEDORA-2007-2596
SECUNIA: 27507
GENTOO: GLSA-200711-15
MANDRIVA: MDKSA-2007:214
SECUNIA: 27625
SECUNIA: 27601
UBUNTU: USN-540-1
SECUNIA: 27628
CONFIRM: http://wiki.rpath.com/...
CONFIRM: https://issues.rpath.c...
SUSE: SUSE-SR:2007:022
SECUNIA: 27780
SECUNIA: 27399
SECUNIA: 27878
DEBIAN: DSA-1469
SECUNIA: 28548
VUPEN: ADV-2007-3483
VUPEN: ADV-2007-3484
VUPEN: ADV-2007-4061
XF: flac-media-files-bo(37...
OVAL: oval:org.mitre.oval:de...