CVE-2007-4619
Published: 12 October 2007
Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.
Notes
| Author | Note |
|---|---|
| jdstrand | fixed in RedHat flac-1.1.2-28.el5_0.1.src.rpm preliminary analysis shows that xine-lib is probably not affected (only 1 call to realloc and 4 calls to xine_xmalloc). The code is quite different, so need to dive in more. requested reproducer on vendor-sec (they said no, but there is a good test suite) Debian 1.2.1-1 in unstable is not affected |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
flac Launchpad, Ubuntu, Debian |
dapper |
Released
(1.1.2-3ubuntu1.1)
|
| edgy |
Released
(1.1.2-5ubuntu1.1)
|
|
| feisty |
Released
(1.1.2-5ubuntu2.1)
|
|
| gutsy |
Released
(1.1.4-3ubuntu1.1)
|
|
| upstream |
Released
(1.2.1)
|
|
|
xine-lib Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
| edgy |
Not vulnerable
|
|
| feisty |
Not vulnerable
|
|
| gutsy |
Not vulnerable
|
|
| upstream |
Needs triage
|