PublicDateAtUSN: 2014-11-26
Candidate: CVE-2014-8962
PublicDate: 2014-11-26 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8962
 https://git.xiph.org/?p=flac.git;a=patch;h=5b3033a2b355068c11fe637e14ac742d273f076e
 http://lists.xiph.org/pipermail/flac-dev/2014-November/005185.html
 https://ubuntu.com/security/notices/USN-2426-1
Description:
 Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1
 allows remote attackers to execute arbitrary code via a crafted .flac file.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770918
Priority: medium
Discovered-by: Michele Spagnuolo
Assigned-to: mdeslaur
CVSS: 

Patches_flac:
 upstream: https://git.xiph.org/?p=flac.git;h=5b3033a2b355068c11fe637e14ac742d273f076e
upstream_flac: released (1.3.1)
lucid_flac: released (1.2.1-2ubuntu0.1)
precise_flac: released (1.2.1-6ubuntu0.1)
trusty_flac: released (1.3.0-2ubuntu0.14.04.1)
trusty/esm_flac: released (1.3.0-2ubuntu0.14.04.1)
utopic_flac: released (1.3.0-2ubuntu0.14.10.1)
devel_flac: released (1.3.0-2ubuntu1)