Vulnerabilites related to flac - libflac
cve-2007-6277
Vulnerability from cvelistv5
Published
2007-12-07 11:00
Modified
2024-08-07 16:02
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow. NOTE: some of these issues may overlap CVE-2007-4619.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.debian.org/security/2008/dsa-1469 | vendor-advisory, x_refsource_DEBIAN | |
| http://research.eeye.com/html/advisories/published/AD20071115.html | third-party-advisory, x_refsource_EEYE | |
| http://www.securitytracker.com/id?1018974 | vdb-entry, x_refsource_SECTRACK | |
| http://securityreason.com/securityalert/3423 | third-party-advisory, x_refsource_SREASON | |
| http://secunia.com/advisories/28548 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.kb.cert.org/vuls/id/544656 | third-party-advisory, x_refsource_CERT-VN | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10435 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.securityfocus.com/archive/1/483765/100/200/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:35.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-1469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1469"
},
{
"name": "AD20071115",
"tags": [
"third-party-advisory",
"x_refsource_EEYE",
"x_transferred"
],
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"name": "1018974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018974"
},
{
"name": "3423",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3423"
},
{
"name": "28548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28548"
},
{
"name": "VU#544656",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"name": "oval:org.mitre.oval:def:10435",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10435"
},
{
"name": "20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow. NOTE: some of these issues may overlap CVE-2007-4619."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-1469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1469"
},
{
"name": "AD20071115",
"tags": [
"third-party-advisory",
"x_refsource_EEYE"
],
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"name": "1018974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018974"
},
{
"name": "3423",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3423"
},
{
"name": "28548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28548"
},
{
"name": "VU#544656",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"name": "oval:org.mitre.oval:def:10435",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10435"
},
{
"name": "20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow. NOTE: some of these issues may overlap CVE-2007-4619."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1469",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1469"
},
{
"name": "AD20071115",
"refsource": "EEYE",
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"name": "1018974",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018974"
},
{
"name": "3423",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3423"
},
{
"name": "28548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28548"
},
{
"name": "VU#544656",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"name": "oval:org.mitre.oval:def:10435",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10435"
},
{
"name": "20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6277",
"datePublished": "2007-12-07T11:00:00",
"dateReserved": "2007-12-07T00:00:00",
"dateUpdated": "2024-08-07T16:02:35.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-9028
Vulnerability from cvelistv5
Published
2014-11-26 15:00
Modified
2024-08-06 13:33
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:13.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:0767",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0767.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129261/libFLAC-1.3.0-Stack-Overflow-Heap-Overflow-Code-Execution.html"
},
{
"name": "USN-2426-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2426-1"
},
{
"name": "20141125 [oCERT 2014-008] libFLAC multiple issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534083/100/0/threaded"
},
{
"name": "MDVSA-2015:188",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:188"
},
{
"name": "DSA-3082",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3082"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.xiph.org/?p=flac.git%3Ba=commit%3Bh=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0499.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "MDVSA-2014:239",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:239"
},
{
"name": "openSUSE-SU-2014:1588",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-12/msg00034.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2014-008.html"
},
{
"name": "71282",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2015:0767",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0767.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129261/libFLAC-1.3.0-Stack-Overflow-Heap-Overflow-Code-Execution.html"
},
{
"name": "USN-2426-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2426-1"
},
{
"name": "20141125 [oCERT 2014-008] libFLAC multiple issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534083/100/0/threaded"
},
{
"name": "MDVSA-2015:188",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:188"
},
{
"name": "DSA-3082",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3082"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.xiph.org/?p=flac.git%3Ba=commit%3Bh=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0499.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "MDVSA-2014:239",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:239"
},
{
"name": "openSUSE-SU-2014:1588",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-12/msg00034.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2014-008.html"
},
{
"name": "71282",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71282"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:0767",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0767.html"
},
{
"name": "http://packetstormsecurity.com/files/129261/libFLAC-1.3.0-Stack-Overflow-Heap-Overflow-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129261/libFLAC-1.3.0-Stack-Overflow-Heap-Overflow-Code-Execution.html"
},
{
"name": "USN-2426-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2426-1"
},
{
"name": "20141125 [oCERT 2014-008] libFLAC multiple issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534083/100/0/threaded"
},
{
"name": "MDVSA-2015:188",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:188"
},
{
"name": "DSA-3082",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3082"
},
{
"name": "https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85",
"refsource": "CONFIRM",
"url": "https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0499.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0499.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "MDVSA-2014:239",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:239"
},
{
"name": "openSUSE-SU-2014:1588",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-12/msg00034.html"
},
{
"name": "http://www.ocert.org/advisories/ocert-2014-008.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2014-008.html"
},
{
"name": "71282",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71282"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9028",
"datePublished": "2014-11-26T15:00:00",
"dateReserved": "2014-11-20T00:00:00",
"dateUpdated": "2024-08-06T13:33:13.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-8962
Vulnerability from cvelistv5
Published
2014-11-26 15:00
Modified
2024-08-06 13:33
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:12.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.xiph.org/?p=flac.git%3Ba=commit%3Bh=5b3033a2b355068c11fe637e14ac742d273f076e"
},
{
"name": "RHSA-2015:0767",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0767.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129261/libFLAC-1.3.0-Stack-Overflow-Heap-Overflow-Code-Execution.html"
},
{
"name": "USN-2426-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2426-1"
},
{
"name": "71280",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71280"
},
{
"name": "20141125 [oCERT 2014-008] libFLAC multiple issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534083/100/0/threaded"
},
{
"name": "MDVSA-2015:188",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:188"
},
{
"name": "DSA-3082",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3082"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0499.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "MDVSA-2014:239",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:239"
},
{
"name": "openSUSE-SU-2014:1588",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-12/msg00034.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2014-008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.xiph.org/?p=flac.git%3Ba=commit%3Bh=5b3033a2b355068c11fe637e14ac742d273f076e"
},
{
"name": "RHSA-2015:0767",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0767.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129261/libFLAC-1.3.0-Stack-Overflow-Heap-Overflow-Code-Execution.html"
},
{
"name": "USN-2426-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2426-1"
},
{
"name": "71280",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71280"
},
{
"name": "20141125 [oCERT 2014-008] libFLAC multiple issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534083/100/0/threaded"
},
{
"name": "MDVSA-2015:188",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:188"
},
{
"name": "DSA-3082",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3082"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0499.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "MDVSA-2014:239",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:239"
},
{
"name": "openSUSE-SU-2014:1588",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-12/msg00034.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2014-008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.xiph.org/?p=flac.git;a=commit;h=5b3033a2b355068c11fe637e14ac742d273f076e",
"refsource": "CONFIRM",
"url": "https://git.xiph.org/?p=flac.git;a=commit;h=5b3033a2b355068c11fe637e14ac742d273f076e"
},
{
"name": "RHSA-2015:0767",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0767.html"
},
{
"name": "http://packetstormsecurity.com/files/129261/libFLAC-1.3.0-Stack-Overflow-Heap-Overflow-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129261/libFLAC-1.3.0-Stack-Overflow-Heap-Overflow-Code-Execution.html"
},
{
"name": "USN-2426-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2426-1"
},
{
"name": "71280",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71280"
},
{
"name": "20141125 [oCERT 2014-008] libFLAC multiple issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534083/100/0/threaded"
},
{
"name": "MDVSA-2015:188",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:188"
},
{
"name": "DSA-3082",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3082"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0499.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0499.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "MDVSA-2014:239",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:239"
},
{
"name": "openSUSE-SU-2014:1588",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-12/msg00034.html"
},
{
"name": "http://www.ocert.org/advisories/ocert-2014-008.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2014-008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8962",
"datePublished": "2014-11-26T15:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T13:33:12.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-6278
Vulnerability from cvelistv5
Published
2007-12-07 11:00
Modified
2024-08-07 16:02
Severity ?
EPSS score ?
Summary
Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://research.eeye.com/html/advisories/published/AD20071115.html | third-party-advisory, x_refsource_EEYE | |
| http://www.securitytracker.com/id?1018974 | vdb-entry, x_refsource_SECTRACK | |
| http://securityreason.com/securityalert/3423 | third-party-advisory, x_refsource_SREASON | |
| http://www.kb.cert.org/vuls/id/544656 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/archive/1/483765/100/200/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "AD20071115",
"tags": [
"third-party-advisory",
"x_refsource_EEYE",
"x_transferred"
],
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"name": "1018974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018974"
},
{
"name": "3423",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3423"
},
{
"name": "VU#544656",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"name": "20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (--\u003e) for the FLAC image file in a crafted .FLAC file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "AD20071115",
"tags": [
"third-party-advisory",
"x_refsource_EEYE"
],
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"name": "1018974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018974"
},
{
"name": "3423",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3423"
},
{
"name": "VU#544656",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"name": "20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (--\u003e) for the FLAC image file in a crafted .FLAC file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "AD20071115",
"refsource": "EEYE",
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"name": "1018974",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018974"
},
{
"name": "3423",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3423"
},
{
"name": "VU#544656",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"name": "20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6278",
"datePublished": "2007-12-07T11:00:00",
"dateReserved": "2007-12-07T00:00:00",
"dateUpdated": "2024-08-07T16:02:36.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-6279
Vulnerability from cvelistv5
Published
2007-12-07 11:00
Modified
2024-08-07 16:02
Severity ?
EPSS score ?
Summary
Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://research.eeye.com/html/advisories/published/AD20071115.html | third-party-advisory, x_refsource_EEYE | |
| http://www.securitytracker.com/id?1018974 | vdb-entry, x_refsource_SECTRACK | |
| http://securityreason.com/securityalert/3423 | third-party-advisory, x_refsource_SREASON | |
| http://www.kb.cert.org/vuls/id/544656 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/archive/1/483765/100/200/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "AD20071115",
"tags": [
"third-party-advisory",
"x_refsource_EEYE",
"x_transferred"
],
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"name": "1018974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018974"
},
{
"name": "3423",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3423"
},
{
"name": "VU#544656",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"name": "20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "AD20071115",
"tags": [
"third-party-advisory",
"x_refsource_EEYE"
],
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"name": "1018974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018974"
},
{
"name": "3423",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3423"
},
{
"name": "VU#544656",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"name": "20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "AD20071115",
"refsource": "EEYE",
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"name": "1018974",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018974"
},
{
"name": "3423",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3423"
},
{
"name": "VU#544656",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"name": "20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6279",
"datePublished": "2007-12-07T11:00:00",
"dateReserved": "2007-12-07T00:00:00",
"dateUpdated": "2024-08-07T16:02:36.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-4619
Vulnerability from cvelistv5
Published
2007-10-12 21:00
Modified
2024-08-07 15:01
Severity ?
EPSS score ?
Summary
Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26042",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26042"
},
{
"name": "GLSA-200711-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-15.xml"
},
{
"name": "27507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27507"
},
{
"name": "27223",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27223"
},
{
"name": "DSA-1469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1469"
},
{
"name": "USN-540-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-540-1"
},
{
"name": "20071011 Multiple Vendor FLAC Library Multiple Integer Overflow Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608"
},
{
"name": "27210",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27210"
},
{
"name": "27601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27601"
},
{
"name": "ADV-2007-4061",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4061"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugzilla.redhat.com/show_bug.cgi?id=331991"
},
{
"name": "27780",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27780"
},
{
"name": "28548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28548"
},
{
"name": "FEDORA-2007-2596",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00035.html"
},
{
"name": "27878",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27878"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243"
},
{
"name": "27355",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27355"
},
{
"name": "27628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27628"
},
{
"name": "27399",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27399"
},
{
"name": "flac-media-files-bo(37187)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37187"
},
{
"name": "MDKSA-2007:214",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:214"
},
{
"name": "1018815",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018815"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1873"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=332571"
},
{
"name": "ADV-2007-3483",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3483"
},
{
"name": "RHSA-2007:0975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0975.html"
},
{
"name": "oval:org.mitre.oval:def:10571",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10571"
},
{
"name": "27625",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27625"
},
{
"name": "SUSE-SR:2007:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://flac.sourceforge.net/changelog.html#flac_1_2_1"
},
{
"name": "ADV-2007-3484",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3484"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26042",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26042"
},
{
"name": "GLSA-200711-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-15.xml"
},
{
"name": "27507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27507"
},
{
"name": "27223",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27223"
},
{
"name": "DSA-1469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1469"
},
{
"name": "USN-540-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-540-1"
},
{
"name": "20071011 Multiple Vendor FLAC Library Multiple Integer Overflow Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608"
},
{
"name": "27210",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27210"
},
{
"name": "27601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27601"
},
{
"name": "ADV-2007-4061",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4061"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugzilla.redhat.com/show_bug.cgi?id=331991"
},
{
"name": "27780",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27780"
},
{
"name": "28548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28548"
},
{
"name": "FEDORA-2007-2596",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00035.html"
},
{
"name": "27878",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27878"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243"
},
{
"name": "27355",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27355"
},
{
"name": "27628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27628"
},
{
"name": "27399",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27399"
},
{
"name": "flac-media-files-bo(37187)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37187"
},
{
"name": "MDKSA-2007:214",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:214"
},
{
"name": "1018815",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018815"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1873"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=332571"
},
{
"name": "ADV-2007-3483",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3483"
},
{
"name": "RHSA-2007:0975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0975.html"
},
{
"name": "oval:org.mitre.oval:def:10571",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10571"
},
{
"name": "27625",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27625"
},
{
"name": "SUSE-SR:2007:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://flac.sourceforge.net/changelog.html#flac_1_2_1"
},
{
"name": "ADV-2007-3484",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3484"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4619",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26042",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26042"
},
{
"name": "GLSA-200711-15",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-15.xml"
},
{
"name": "27507",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27507"
},
{
"name": "27223",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27223"
},
{
"name": "DSA-1469",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1469"
},
{
"name": "USN-540-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-540-1"
},
{
"name": "20071011 Multiple Vendor FLAC Library Multiple Integer Overflow Vulnerabilities",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608"
},
{
"name": "27210",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27210"
},
{
"name": "27601",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27601"
},
{
"name": "ADV-2007-4061",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4061"
},
{
"name": "http://bugzilla.redhat.com/show_bug.cgi?id=331991",
"refsource": "CONFIRM",
"url": "http://bugzilla.redhat.com/show_bug.cgi?id=331991"
},
{
"name": "27780",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27780"
},
{
"name": "28548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28548"
},
{
"name": "FEDORA-2007-2596",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00035.html"
},
{
"name": "27878",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27878"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243"
},
{
"name": "27355",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27355"
},
{
"name": "27628",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27628"
},
{
"name": "27399",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27399"
},
{
"name": "flac-media-files-bo(37187)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37187"
},
{
"name": "MDKSA-2007:214",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:214"
},
{
"name": "1018815",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018815"
},
{
"name": "https://issues.rpath.com/browse/RPL-1873",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1873"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=332571",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=332571"
},
{
"name": "ADV-2007-3483",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3483"
},
{
"name": "RHSA-2007:0975",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0975.html"
},
{
"name": "oval:org.mitre.oval:def:10571",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10571"
},
{
"name": "27625",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27625"
},
{
"name": "SUSE-SR:2007:022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html"
},
{
"name": "http://flac.sourceforge.net/changelog.html#flac_1_2_1",
"refsource": "CONFIRM",
"url": "http://flac.sourceforge.net/changelog.html#flac_1_2_1"
},
{
"name": "ADV-2007-3484",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3484"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4619",
"datePublished": "2007-10-12T21:00:00",
"dateReserved": "2007-08-30T00:00:00",
"dateUpdated": "2024-08-07T15:01:09.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2007-12-07 11:46
Modified
2024-11-21 00:39
Severity ?
Summary
Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flac:libflac:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D389BAA-4D7C-4126-8D3D-9C8286BDBB45",
"versionEndIncluding": "1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de doble liberaci\u00f3n en Free Lossless Audio Codec en LibFLAC (FLAC) versiones anteriores a 1.2.1, permiten a los atacantes remotos asistidos por el usuario ejecutar c\u00f3digo arbitrario por medio de (1) valores de Seektable o (2) Desplazamientos de Datos de Seektable malformados en un archivo .FLAC."
}
],
"id": "CVE-2007-6279",
"lastModified": "2024-11-21T00:39:45.927",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-12-07T11:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3423"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securitytracker.com/id?1018974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3423"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securitytracker.com/id?1018974"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "This flaw is not exploitable to run arbitrary code and can only cause an application crash. Red Hat does not consider a crash of the flac application or applications that use flac libraries such as media players to be a security issue.",
"lastModified": "2007-12-11T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-26 15:59
Modified
2024-11-21 02:20
Severity ?
Summary
Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flac:libflac:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3DA48F-064E-40DE-80AF-0D3789C3D2A9",
"versionEndIncluding": "1.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file."
},
{
"lang": "es",
"value": "Desbordamiento de buffer basado en pila en stream_decoder.c en libFLAC anterior a 1.3.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero .flac manipulado."
}
],
"id": "CVE-2014-8962",
"lastModified": "2024-11-21T02:20:01.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-26T15:59:07.057",
"references": [
{
"source": "cve@mitre.org",
"url": "http://advisories.mageia.org/MGASA-2014-0499.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2014-12/msg00034.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/129261/libFLAC-1.3.0-Stack-Overflow-Heap-Overflow-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0767.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-3082"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:239"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:188"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.ocert.org/advisories/ocert-2014-008.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/534083/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/71280"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2426-1"
},
{
"source": "cve@mitre.org",
"url": "https://git.xiph.org/?p=flac.git%3Ba=commit%3Bh=5b3033a2b355068c11fe637e14ac742d273f076e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://advisories.mageia.org/MGASA-2014-0499.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-12/msg00034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/129261/libFLAC-1.3.0-Stack-Overflow-Heap-Overflow-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0767.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-3082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.ocert.org/advisories/ocert-2014-008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534083/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/71280"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2426-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.xiph.org/?p=flac.git%3Ba=commit%3Bh=5b3033a2b355068c11fe637e14ac742d273f076e"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-12-07 11:46
Modified
2024-11-21 00:39
Severity ?
Summary
Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flac:libflac:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D389BAA-4D7C-4126-8D3D-9C8286BDBB45",
"versionEndIncluding": "1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (--\u003e) for the FLAC image file in a crafted .FLAC file."
},
{
"lang": "es",
"value": "Free Lossless Audio Codec (FLAC) libFLAC, en versiones anteriores a la 1.2.1, permite que atacantes remotos con intervenci\u00f3n del usuario fuercen al cliente a descargar archivos cualesquiera a trav\u00e9s de la etiqueta MIME-Type URL (--\u003e) para el fichero de imagen FLAC en un archivo .FLAC manipulado."
}
],
"id": "CVE-2007-6278",
"lastModified": "2024-11-21T00:39:45.803",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-12-07T11:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3423"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securitytracker.com/id?1018974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3423"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securitytracker.com/id?1018974"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat does not consider this a security issue. The downloading of arbitrary files will be harmless unless there is a vulnerability in the application handling these other filetypes.\n",
"lastModified": "2007-12-11T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-10-12 21:17
Modified
2024-11-21 00:36
Severity ?
Summary
Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flac:libflac:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D389BAA-4D7C-4126-8D3D-9C8286BDBB45",
"versionEndIncluding": "1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "366727E0-07BA-4D81-8EB2-7B291722C558",
"versionEndIncluding": "5.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de entero en Free Lossless Audio Codec (FLAC) libFLAC versiones anteriores a 1.2.1, como se usan Winamp versiones anteriores a 5.5 y otros productos, permiten a atacantes remotos con la complicidad del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero FLAC malformado que dispara una ubicaci\u00f3n de memoria inapropiada, resultando en un desbordamiento de b\u00fafer basado en mont\u00edculo."
}
],
"id": "CVE-2007-4619",
"lastModified": "2024-11-21T00:36:02.093",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-10-12T21:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugzilla.redhat.com/show_bug.cgi?id=331991"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://flac.sourceforge.net/changelog.html#flac_1_2_1"
},
{
"source": "cve@mitre.org",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27210"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27223"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27355"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27399"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27507"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27601"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27625"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27628"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27780"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27878"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28548"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200711-15.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1018815"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1469"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:214"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0975.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26042"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-540-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3483"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3484"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/4061"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=332571"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37187"
},
{
"source": "cve@mitre.org",
"url": "https://issues.rpath.com/browse/RPL-1873"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10571"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00035.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugzilla.redhat.com/show_bug.cgi?id=331991"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://flac.sourceforge.net/changelog.html#flac_1_2_1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27355"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27780"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28548"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200711-15.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1018815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1469"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0975.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-540-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3483"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3484"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/4061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=332571"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-1873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10571"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00035.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-12-07 11:46
Modified
2024-11-21 00:39
Severity ?
Summary
Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow. NOTE: some of these issues may overlap CVE-2007-4619.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flac:libflac:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D389BAA-4D7C-4126-8D3D-9C8286BDBB45",
"versionEndIncluding": "1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow. NOTE: some of these issues may overlap CVE-2007-4619."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de buffer en Free Lossless Audio Codec (FLAC), en versiones anteriores a la 1.2.1. Permite que atacantes remotos,con intervenci\u00f3n del usuario, ejecuten c\u00f3digo de su elecci\u00f3n usando tama\u00f1os grandes de los valores de longitud y altura de (1) Metadata Block Size (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, y (7) PICTURE Metadata, especificados en un fichero .FLAC, que tiene como resultado un desbordamiento basado en la pila de memoria din\u00e1mica (heap); los valores grandes de (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, y (11) Picture Description Length, tambi\u00e9n especificados en un fichero .FLAC, provocan un desbordamiento basado en la pila (stack).\r\nNOTA: alguna de estos problemas podr\u00eda coincidir con el CVE-2007-4619."
}
],
"id": "CVE-2007-6277",
"lastModified": "2024-11-21T00:39:45.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-12-07T11:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28548"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3423"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1469"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securitytracker.com/id?1018974"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28548"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3423"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1469"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securitytracker.com/id?1018974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10435"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-26 15:59
Modified
2024-11-21 02:20
Severity ?
Summary
Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flac:libflac:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3DA48F-064E-40DE-80AF-0D3789C3D2A9",
"versionEndIncluding": "1.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file."
},
{
"lang": "es",
"value": "Desbordamiento de buffer basado en memoria din\u00e1mica en stream_decoder.c en libFLAC anterior a 1.3.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero .flac manipulado."
}
],
"id": "CVE-2014-9028",
"lastModified": "2024-11-21T02:20:07.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-26T15:59:08.183",
"references": [
{
"source": "cve@mitre.org",
"url": "http://advisories.mageia.org/MGASA-2014-0499.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2014-12/msg00034.html"
},
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/129261/libFLAC-1.3.0-Stack-Overflow-Heap-Overflow-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0767.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-3082"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:239"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:188"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.ocert.org/advisories/ocert-2014-008.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/534083/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/71282"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2426-1"
},
{
"source": "cve@mitre.org",
"url": "https://git.xiph.org/?p=flac.git%3Ba=commit%3Bh=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://advisories.mageia.org/MGASA-2014-0499.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-12/msg00034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/129261/libFLAC-1.3.0-Stack-Overflow-Heap-Overflow-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0767.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-3082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.ocert.org/advisories/ocert-2014-008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534083/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/71282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2426-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://git.xiph.org/?p=flac.git%3Ba=commit%3Bh=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}