Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2007-4974

Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size.

Related bugs and status

CVE-2007-4974 (Candidate) is related to these bugs:

Bug #147822: Please sync libsndfile (main) from Debian unstable (main)

Summary				In	Importance	Status
	147822	Please sync libsndfile (main) from Debian unstable (main)		libsndfile (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugs.gentoo.or...
CONFIRM: https://bugzilla.redha...
FEDORA: FEDORA-2007-2236
BID: 25758
SECUNIA: 26932
SECUNIA: 26921
SECUNIA: 27018
GENTOO: GLSA-200710-04
UBUNTU: USN-525-1
SECUNIA: 27100
SECUNIA: 27071
MANDRIVA: MDKSA-2007:191
DEBIAN: DSA-1442
SECUNIA: 28265
SUSE: SUSE-SR:2008:001
SECUNIA: 28412
VUPEN: ADV-2007-3241