Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities found for libflac by flac
CVE-2014-9028 (GCVE-0-2014-9028)
Vulnerability from nvd – Published: 2014-11-26 15:00 – Updated: 2024-08-06 13:33
VLAI
Summary
Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| http://rhn.redhat.com/errata/RHSA-2015-0767.html | vendor-advisoryx_refsource_REDHAT |
| http://packetstormsecurity.com/files/129261/libFL… | x_refsource_MISC |
| http://www.ubuntu.com/usn/USN-2426-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.securityfocus.com/archive/1/534083/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.debian.org/security/2014/dsa-3082 | vendor-advisoryx_refsource_DEBIAN |
| https://git.xiph.org/?p=flac.git%3Ba=commit%3Bh=f… | x_refsource_CONFIRM |
| http://advisories.mageia.org/MGASA-2014-0499.html | x_refsource_CONFIRM |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://lists.opensuse.org/opensuse-updates/2014-1… | vendor-advisoryx_refsource_SUSE |
| http://www.ocert.org/advisories/ocert-2014-008.html | x_refsource_MISC |
| http://www.securityfocus.com/bid/71282 | vdb-entryx_refsource_BID |
Date Public
2014-11-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:13.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:0767",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0767.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129261/libFLAC-1.3.0-Stack-Overflow-Heap-Overflow-Code-Execution.html"
},
{
"name": "USN-2426-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2426-1"
},
{
"name": "20141125 [oCERT 2014-008] libFLAC multiple issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534083/100/0/threaded"
},
{
"name": "MDVSA-2015:188",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:188"
},
{
"name": "DSA-3082",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3082"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.xiph.org/?p=flac.git%3Ba=commit%3Bh=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0499.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "MDVSA-2014:239",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:239"
},
{
"name": "openSUSE-SU-2014:1588",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-12/msg00034.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2014-008.html"
},
{
"name": "71282",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2015:0767",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0767.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129261/libFLAC-1.3.0-Stack-Overflow-Heap-Overflow-Code-Execution.html"
},
{
"name": "USN-2426-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2426-1"
},
{
"name": "20141125 [oCERT 2014-008] libFLAC multiple issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534083/100/0/threaded"
},
{
"name": "MDVSA-2015:188",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:188"
},
{
"name": "DSA-3082",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3082"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.xiph.org/?p=flac.git%3Ba=commit%3Bh=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0499.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "MDVSA-2014:239",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:239"
},
{
"name": "openSUSE-SU-2014:1588",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-12/msg00034.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2014-008.html"
},
{
"name": "71282",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71282"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:0767",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0767.html"
},
{
"name": "http://packetstormsecurity.com/files/129261/libFLAC-1.3.0-Stack-Overflow-Heap-Overflow-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129261/libFLAC-1.3.0-Stack-Overflow-Heap-Overflow-Code-Execution.html"
},
{
"name": "USN-2426-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2426-1"
},
{
"name": "20141125 [oCERT 2014-008] libFLAC multiple issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534083/100/0/threaded"
},
{
"name": "MDVSA-2015:188",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:188"
},
{
"name": "DSA-3082",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3082"
},
{
"name": "https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85",
"refsource": "CONFIRM",
"url": "https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0499.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0499.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "MDVSA-2014:239",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:239"
},
{
"name": "openSUSE-SU-2014:1588",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-12/msg00034.html"
},
{
"name": "http://www.ocert.org/advisories/ocert-2014-008.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2014-008.html"
},
{
"name": "71282",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71282"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9028",
"datePublished": "2014-11-26T15:00:00.000Z",
"dateReserved": "2014-11-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:33:13.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8962 (GCVE-0-2014-8962)
Vulnerability from nvd – Published: 2014-11-26 15:00 – Updated: 2024-08-06 13:33
VLAI
Summary
Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://git.xiph.org/?p=flac.git%3Ba=commit%3Bh=5… | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2015-0767.html | vendor-advisoryx_refsource_REDHAT |
| http://packetstormsecurity.com/files/129261/libFL… | x_refsource_MISC |
| http://www.ubuntu.com/usn/USN-2426-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.securityfocus.com/bid/71280 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/534083/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.debian.org/security/2014/dsa-3082 | vendor-advisoryx_refsource_DEBIAN |
| http://advisories.mageia.org/MGASA-2014-0499.html | x_refsource_CONFIRM |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://lists.opensuse.org/opensuse-updates/2014-1… | vendor-advisoryx_refsource_SUSE |
| http://www.ocert.org/advisories/ocert-2014-008.html | x_refsource_MISC |
Date Public
2014-11-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:12.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.xiph.org/?p=flac.git%3Ba=commit%3Bh=5b3033a2b355068c11fe637e14ac742d273f076e"
},
{
"name": "RHSA-2015:0767",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0767.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129261/libFLAC-1.3.0-Stack-Overflow-Heap-Overflow-Code-Execution.html"
},
{
"name": "USN-2426-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2426-1"
},
{
"name": "71280",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71280"
},
{
"name": "20141125 [oCERT 2014-008] libFLAC multiple issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534083/100/0/threaded"
},
{
"name": "MDVSA-2015:188",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:188"
},
{
"name": "DSA-3082",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3082"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0499.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "MDVSA-2014:239",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:239"
},
{
"name": "openSUSE-SU-2014:1588",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-12/msg00034.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2014-008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.xiph.org/?p=flac.git%3Ba=commit%3Bh=5b3033a2b355068c11fe637e14ac742d273f076e"
},
{
"name": "RHSA-2015:0767",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0767.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129261/libFLAC-1.3.0-Stack-Overflow-Heap-Overflow-Code-Execution.html"
},
{
"name": "USN-2426-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2426-1"
},
{
"name": "71280",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71280"
},
{
"name": "20141125 [oCERT 2014-008] libFLAC multiple issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534083/100/0/threaded"
},
{
"name": "MDVSA-2015:188",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:188"
},
{
"name": "DSA-3082",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3082"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0499.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "MDVSA-2014:239",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:239"
},
{
"name": "openSUSE-SU-2014:1588",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-12/msg00034.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2014-008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.xiph.org/?p=flac.git;a=commit;h=5b3033a2b355068c11fe637e14ac742d273f076e",
"refsource": "CONFIRM",
"url": "https://git.xiph.org/?p=flac.git;a=commit;h=5b3033a2b355068c11fe637e14ac742d273f076e"
},
{
"name": "RHSA-2015:0767",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0767.html"
},
{
"name": "http://packetstormsecurity.com/files/129261/libFLAC-1.3.0-Stack-Overflow-Heap-Overflow-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129261/libFLAC-1.3.0-Stack-Overflow-Heap-Overflow-Code-Execution.html"
},
{
"name": "USN-2426-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2426-1"
},
{
"name": "71280",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71280"
},
{
"name": "20141125 [oCERT 2014-008] libFLAC multiple issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534083/100/0/threaded"
},
{
"name": "MDVSA-2015:188",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:188"
},
{
"name": "DSA-3082",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3082"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0499.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0499.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "MDVSA-2014:239",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:239"
},
{
"name": "openSUSE-SU-2014:1588",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-12/msg00034.html"
},
{
"name": "http://www.ocert.org/advisories/ocert-2014-008.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2014-008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8962",
"datePublished": "2014-11-26T15:00:00.000Z",
"dateReserved": "2014-11-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:33:12.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6277 (GCVE-0-2007-6277)
Vulnerability from nvd – Published: 2007-12-07 11:00 – Updated: 2024-08-07 16:02
VLAI
Summary
Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow. NOTE: some of these issues may overlap CVE-2007-4619.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.debian.org/security/2008/dsa-1469 | vendor-advisoryx_refsource_DEBIAN |
| http://research.eeye.com/html/advisories/publishe… | third-party-advisoryx_refsource_EEYE |
| http://www.securitytracker.com/id?1018974 | vdb-entryx_refsource_SECTRACK |
| http://securityreason.com/securityalert/3423 | third-party-advisoryx_refsource_SREASON |
| http://secunia.com/advisories/28548 | third-party-advisoryx_refsource_SECUNIA |
| http://www.kb.cert.org/vuls/id/544656 | third-party-advisoryx_refsource_CERT-VN |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.securityfocus.com/archive/1/483765/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2007-11-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:35.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-1469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1469"
},
{
"name": "AD20071115",
"tags": [
"third-party-advisory",
"x_refsource_EEYE",
"x_transferred"
],
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"name": "1018974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018974"
},
{
"name": "3423",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3423"
},
{
"name": "28548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28548"
},
{
"name": "VU#544656",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"name": "oval:org.mitre.oval:def:10435",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10435"
},
{
"name": "20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow. NOTE: some of these issues may overlap CVE-2007-4619."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-1469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1469"
},
{
"name": "AD20071115",
"tags": [
"third-party-advisory",
"x_refsource_EEYE"
],
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"name": "1018974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018974"
},
{
"name": "3423",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3423"
},
{
"name": "28548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28548"
},
{
"name": "VU#544656",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"name": "oval:org.mitre.oval:def:10435",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10435"
},
{
"name": "20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow. NOTE: some of these issues may overlap CVE-2007-4619."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1469",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1469"
},
{
"name": "AD20071115",
"refsource": "EEYE",
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"name": "1018974",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018974"
},
{
"name": "3423",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3423"
},
{
"name": "28548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28548"
},
{
"name": "VU#544656",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"name": "oval:org.mitre.oval:def:10435",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10435"
},
{
"name": "20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6277",
"datePublished": "2007-12-07T11:00:00.000Z",
"dateReserved": "2007-12-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:02:35.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6278 (GCVE-0-2007-6278)
Vulnerability from nvd – Published: 2007-12-07 11:00 – Updated: 2024-08-07 16:02
VLAI
Summary
Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://research.eeye.com/html/advisories/publishe… | third-party-advisoryx_refsource_EEYE |
| http://www.securitytracker.com/id?1018974 | vdb-entryx_refsource_SECTRACK |
| http://securityreason.com/securityalert/3423 | third-party-advisoryx_refsource_SREASON |
| http://www.kb.cert.org/vuls/id/544656 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/archive/1/483765/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2007-11-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "AD20071115",
"tags": [
"third-party-advisory",
"x_refsource_EEYE",
"x_transferred"
],
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"name": "1018974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018974"
},
{
"name": "3423",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3423"
},
{
"name": "VU#544656",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"name": "20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (--\u003e) for the FLAC image file in a crafted .FLAC file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "AD20071115",
"tags": [
"third-party-advisory",
"x_refsource_EEYE"
],
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"name": "1018974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018974"
},
{
"name": "3423",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3423"
},
{
"name": "VU#544656",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"name": "20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (--\u003e) for the FLAC image file in a crafted .FLAC file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "AD20071115",
"refsource": "EEYE",
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"name": "1018974",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018974"
},
{
"name": "3423",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3423"
},
{
"name": "VU#544656",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"name": "20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6278",
"datePublished": "2007-12-07T11:00:00.000Z",
"dateReserved": "2007-12-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:02:36.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6279 (GCVE-0-2007-6279)
Vulnerability from nvd – Published: 2007-12-07 11:00 – Updated: 2024-08-07 16:02
VLAI
Summary
Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://research.eeye.com/html/advisories/publishe… | third-party-advisoryx_refsource_EEYE |
| http://www.securitytracker.com/id?1018974 | vdb-entryx_refsource_SECTRACK |
| http://securityreason.com/securityalert/3423 | third-party-advisoryx_refsource_SREASON |
| http://www.kb.cert.org/vuls/id/544656 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/archive/1/483765/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2007-11-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "AD20071115",
"tags": [
"third-party-advisory",
"x_refsource_EEYE",
"x_transferred"
],
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"name": "1018974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018974"
},
{
"name": "3423",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3423"
},
{
"name": "VU#544656",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"name": "20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "AD20071115",
"tags": [
"third-party-advisory",
"x_refsource_EEYE"
],
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"name": "1018974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018974"
},
{
"name": "3423",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3423"
},
{
"name": "VU#544656",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"name": "20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "AD20071115",
"refsource": "EEYE",
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"name": "1018974",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018974"
},
{
"name": "3423",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3423"
},
{
"name": "VU#544656",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"name": "20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6279",
"datePublished": "2007-12-07T11:00:00.000Z",
"dateReserved": "2007-12-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:02:36.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4619 (GCVE-0-2007-4619)
Vulnerability from nvd – Published: 2007-10-12 21:00 – Updated: 2024-08-07 15:01
VLAI
Summary
Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
31 references
Date Public
2007-10-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26042",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26042"
},
{
"name": "GLSA-200711-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-15.xml"
},
{
"name": "27507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27507"
},
{
"name": "27223",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27223"
},
{
"name": "DSA-1469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1469"
},
{
"name": "USN-540-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-540-1"
},
{
"name": "20071011 Multiple Vendor FLAC Library Multiple Integer Overflow Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608"
},
{
"name": "27210",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27210"
},
{
"name": "27601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27601"
},
{
"name": "ADV-2007-4061",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4061"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugzilla.redhat.com/show_bug.cgi?id=331991"
},
{
"name": "27780",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27780"
},
{
"name": "28548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28548"
},
{
"name": "FEDORA-2007-2596",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00035.html"
},
{
"name": "27878",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27878"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243"
},
{
"name": "27355",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27355"
},
{
"name": "27628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27628"
},
{
"name": "27399",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27399"
},
{
"name": "flac-media-files-bo(37187)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37187"
},
{
"name": "MDKSA-2007:214",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:214"
},
{
"name": "1018815",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018815"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1873"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=332571"
},
{
"name": "ADV-2007-3483",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3483"
},
{
"name": "RHSA-2007:0975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0975.html"
},
{
"name": "oval:org.mitre.oval:def:10571",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10571"
},
{
"name": "27625",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27625"
},
{
"name": "SUSE-SR:2007:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://flac.sourceforge.net/changelog.html#flac_1_2_1"
},
{
"name": "ADV-2007-3484",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3484"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26042",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26042"
},
{
"name": "GLSA-200711-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-15.xml"
},
{
"name": "27507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27507"
},
{
"name": "27223",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27223"
},
{
"name": "DSA-1469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1469"
},
{
"name": "USN-540-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-540-1"
},
{
"name": "20071011 Multiple Vendor FLAC Library Multiple Integer Overflow Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608"
},
{
"name": "27210",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27210"
},
{
"name": "27601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27601"
},
{
"name": "ADV-2007-4061",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4061"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugzilla.redhat.com/show_bug.cgi?id=331991"
},
{
"name": "27780",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27780"
},
{
"name": "28548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28548"
},
{
"name": "FEDORA-2007-2596",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00035.html"
},
{
"name": "27878",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27878"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243"
},
{
"name": "27355",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27355"
},
{
"name": "27628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27628"
},
{
"name": "27399",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27399"
},
{
"name": "flac-media-files-bo(37187)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37187"
},
{
"name": "MDKSA-2007:214",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:214"
},
{
"name": "1018815",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018815"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1873"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=332571"
},
{
"name": "ADV-2007-3483",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3483"
},
{
"name": "RHSA-2007:0975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0975.html"
},
{
"name": "oval:org.mitre.oval:def:10571",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10571"
},
{
"name": "27625",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27625"
},
{
"name": "SUSE-SR:2007:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://flac.sourceforge.net/changelog.html#flac_1_2_1"
},
{
"name": "ADV-2007-3484",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3484"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4619",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26042",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26042"
},
{
"name": "GLSA-200711-15",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-15.xml"
},
{
"name": "27507",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27507"
},
{
"name": "27223",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27223"
},
{
"name": "DSA-1469",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1469"
},
{
"name": "USN-540-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-540-1"
},
{
"name": "20071011 Multiple Vendor FLAC Library Multiple Integer Overflow Vulnerabilities",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608"
},
{
"name": "27210",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27210"
},
{
"name": "27601",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27601"
},
{
"name": "ADV-2007-4061",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4061"
},
{
"name": "http://bugzilla.redhat.com/show_bug.cgi?id=331991",
"refsource": "CONFIRM",
"url": "http://bugzilla.redhat.com/show_bug.cgi?id=331991"
},
{
"name": "27780",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27780"
},
{
"name": "28548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28548"
},
{
"name": "FEDORA-2007-2596",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00035.html"
},
{
"name": "27878",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27878"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243"
},
{
"name": "27355",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27355"
},
{
"name": "27628",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27628"
},
{
"name": "27399",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27399"
},
{
"name": "flac-media-files-bo(37187)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37187"
},
{
"name": "MDKSA-2007:214",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:214"
},
{
"name": "1018815",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018815"
},
{
"name": "https://issues.rpath.com/browse/RPL-1873",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1873"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=332571",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=332571"
},
{
"name": "ADV-2007-3483",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3483"
},
{
"name": "RHSA-2007:0975",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0975.html"
},
{
"name": "oval:org.mitre.oval:def:10571",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10571"
},
{
"name": "27625",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27625"
},
{
"name": "SUSE-SR:2007:022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html"
},
{
"name": "http://flac.sourceforge.net/changelog.html#flac_1_2_1",
"refsource": "CONFIRM",
"url": "http://flac.sourceforge.net/changelog.html#flac_1_2_1"
},
{
"name": "ADV-2007-3484",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3484"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4619",
"datePublished": "2007-10-12T21:00:00.000Z",
"dateReserved": "2007-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:01:09.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9028 (GCVE-0-2014-9028)
Vulnerability from cvelistv5 – Published: 2014-11-26 15:00 – Updated: 2024-08-06 13:33
VLAI
Summary
Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| http://rhn.redhat.com/errata/RHSA-2015-0767.html | vendor-advisoryx_refsource_REDHAT |
| http://packetstormsecurity.com/files/129261/libFL… | x_refsource_MISC |
| http://www.ubuntu.com/usn/USN-2426-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.securityfocus.com/archive/1/534083/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.debian.org/security/2014/dsa-3082 | vendor-advisoryx_refsource_DEBIAN |
| https://git.xiph.org/?p=flac.git%3Ba=commit%3Bh=f… | x_refsource_CONFIRM |
| http://advisories.mageia.org/MGASA-2014-0499.html | x_refsource_CONFIRM |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://lists.opensuse.org/opensuse-updates/2014-1… | vendor-advisoryx_refsource_SUSE |
| http://www.ocert.org/advisories/ocert-2014-008.html | x_refsource_MISC |
| http://www.securityfocus.com/bid/71282 | vdb-entryx_refsource_BID |
Date Public
2014-11-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:13.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:0767",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0767.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129261/libFLAC-1.3.0-Stack-Overflow-Heap-Overflow-Code-Execution.html"
},
{
"name": "USN-2426-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2426-1"
},
{
"name": "20141125 [oCERT 2014-008] libFLAC multiple issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534083/100/0/threaded"
},
{
"name": "MDVSA-2015:188",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:188"
},
{
"name": "DSA-3082",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3082"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.xiph.org/?p=flac.git%3Ba=commit%3Bh=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0499.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "MDVSA-2014:239",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:239"
},
{
"name": "openSUSE-SU-2014:1588",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-12/msg00034.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2014-008.html"
},
{
"name": "71282",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2015:0767",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0767.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129261/libFLAC-1.3.0-Stack-Overflow-Heap-Overflow-Code-Execution.html"
},
{
"name": "USN-2426-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2426-1"
},
{
"name": "20141125 [oCERT 2014-008] libFLAC multiple issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534083/100/0/threaded"
},
{
"name": "MDVSA-2015:188",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:188"
},
{
"name": "DSA-3082",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3082"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.xiph.org/?p=flac.git%3Ba=commit%3Bh=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0499.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "MDVSA-2014:239",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:239"
},
{
"name": "openSUSE-SU-2014:1588",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-12/msg00034.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2014-008.html"
},
{
"name": "71282",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71282"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:0767",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0767.html"
},
{
"name": "http://packetstormsecurity.com/files/129261/libFLAC-1.3.0-Stack-Overflow-Heap-Overflow-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129261/libFLAC-1.3.0-Stack-Overflow-Heap-Overflow-Code-Execution.html"
},
{
"name": "USN-2426-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2426-1"
},
{
"name": "20141125 [oCERT 2014-008] libFLAC multiple issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534083/100/0/threaded"
},
{
"name": "MDVSA-2015:188",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:188"
},
{
"name": "DSA-3082",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3082"
},
{
"name": "https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85",
"refsource": "CONFIRM",
"url": "https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0499.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0499.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "MDVSA-2014:239",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:239"
},
{
"name": "openSUSE-SU-2014:1588",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-12/msg00034.html"
},
{
"name": "http://www.ocert.org/advisories/ocert-2014-008.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2014-008.html"
},
{
"name": "71282",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71282"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9028",
"datePublished": "2014-11-26T15:00:00.000Z",
"dateReserved": "2014-11-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:33:13.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8962 (GCVE-0-2014-8962)
Vulnerability from cvelistv5 – Published: 2014-11-26 15:00 – Updated: 2024-08-06 13:33
VLAI
Summary
Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://git.xiph.org/?p=flac.git%3Ba=commit%3Bh=5… | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2015-0767.html | vendor-advisoryx_refsource_REDHAT |
| http://packetstormsecurity.com/files/129261/libFL… | x_refsource_MISC |
| http://www.ubuntu.com/usn/USN-2426-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.securityfocus.com/bid/71280 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/534083/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://www.debian.org/security/2014/dsa-3082 | vendor-advisoryx_refsource_DEBIAN |
| http://advisories.mageia.org/MGASA-2014-0499.html | x_refsource_CONFIRM |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://lists.opensuse.org/opensuse-updates/2014-1… | vendor-advisoryx_refsource_SUSE |
| http://www.ocert.org/advisories/ocert-2014-008.html | x_refsource_MISC |
Date Public
2014-11-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:12.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.xiph.org/?p=flac.git%3Ba=commit%3Bh=5b3033a2b355068c11fe637e14ac742d273f076e"
},
{
"name": "RHSA-2015:0767",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0767.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129261/libFLAC-1.3.0-Stack-Overflow-Heap-Overflow-Code-Execution.html"
},
{
"name": "USN-2426-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2426-1"
},
{
"name": "71280",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71280"
},
{
"name": "20141125 [oCERT 2014-008] libFLAC multiple issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534083/100/0/threaded"
},
{
"name": "MDVSA-2015:188",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:188"
},
{
"name": "DSA-3082",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3082"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0499.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "MDVSA-2014:239",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:239"
},
{
"name": "openSUSE-SU-2014:1588",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-12/msg00034.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2014-008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.xiph.org/?p=flac.git%3Ba=commit%3Bh=5b3033a2b355068c11fe637e14ac742d273f076e"
},
{
"name": "RHSA-2015:0767",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0767.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129261/libFLAC-1.3.0-Stack-Overflow-Heap-Overflow-Code-Execution.html"
},
{
"name": "USN-2426-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2426-1"
},
{
"name": "71280",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71280"
},
{
"name": "20141125 [oCERT 2014-008] libFLAC multiple issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534083/100/0/threaded"
},
{
"name": "MDVSA-2015:188",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:188"
},
{
"name": "DSA-3082",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3082"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0499.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "MDVSA-2014:239",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:239"
},
{
"name": "openSUSE-SU-2014:1588",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-12/msg00034.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2014-008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.xiph.org/?p=flac.git;a=commit;h=5b3033a2b355068c11fe637e14ac742d273f076e",
"refsource": "CONFIRM",
"url": "https://git.xiph.org/?p=flac.git;a=commit;h=5b3033a2b355068c11fe637e14ac742d273f076e"
},
{
"name": "RHSA-2015:0767",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0767.html"
},
{
"name": "http://packetstormsecurity.com/files/129261/libFLAC-1.3.0-Stack-Overflow-Heap-Overflow-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129261/libFLAC-1.3.0-Stack-Overflow-Heap-Overflow-Code-Execution.html"
},
{
"name": "USN-2426-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2426-1"
},
{
"name": "71280",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71280"
},
{
"name": "20141125 [oCERT 2014-008] libFLAC multiple issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534083/100/0/threaded"
},
{
"name": "MDVSA-2015:188",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:188"
},
{
"name": "DSA-3082",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3082"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0499.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0499.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "MDVSA-2014:239",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:239"
},
{
"name": "openSUSE-SU-2014:1588",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-12/msg00034.html"
},
{
"name": "http://www.ocert.org/advisories/ocert-2014-008.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2014-008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8962",
"datePublished": "2014-11-26T15:00:00.000Z",
"dateReserved": "2014-11-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:33:12.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6277 (GCVE-0-2007-6277)
Vulnerability from cvelistv5 – Published: 2007-12-07 11:00 – Updated: 2024-08-07 16:02
VLAI
Summary
Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow. NOTE: some of these issues may overlap CVE-2007-4619.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.debian.org/security/2008/dsa-1469 | vendor-advisoryx_refsource_DEBIAN |
| http://research.eeye.com/html/advisories/publishe… | third-party-advisoryx_refsource_EEYE |
| http://www.securitytracker.com/id?1018974 | vdb-entryx_refsource_SECTRACK |
| http://securityreason.com/securityalert/3423 | third-party-advisoryx_refsource_SREASON |
| http://secunia.com/advisories/28548 | third-party-advisoryx_refsource_SECUNIA |
| http://www.kb.cert.org/vuls/id/544656 | third-party-advisoryx_refsource_CERT-VN |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://www.securityfocus.com/archive/1/483765/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2007-11-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:35.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-1469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1469"
},
{
"name": "AD20071115",
"tags": [
"third-party-advisory",
"x_refsource_EEYE",
"x_transferred"
],
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"name": "1018974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018974"
},
{
"name": "3423",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3423"
},
{
"name": "28548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28548"
},
{
"name": "VU#544656",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"name": "oval:org.mitre.oval:def:10435",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10435"
},
{
"name": "20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow. NOTE: some of these issues may overlap CVE-2007-4619."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-1469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1469"
},
{
"name": "AD20071115",
"tags": [
"third-party-advisory",
"x_refsource_EEYE"
],
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"name": "1018974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018974"
},
{
"name": "3423",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3423"
},
{
"name": "28548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28548"
},
{
"name": "VU#544656",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"name": "oval:org.mitre.oval:def:10435",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10435"
},
{
"name": "20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow. NOTE: some of these issues may overlap CVE-2007-4619."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1469",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1469"
},
{
"name": "AD20071115",
"refsource": "EEYE",
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"name": "1018974",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018974"
},
{
"name": "3423",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3423"
},
{
"name": "28548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28548"
},
{
"name": "VU#544656",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"name": "oval:org.mitre.oval:def:10435",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10435"
},
{
"name": "20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6277",
"datePublished": "2007-12-07T11:00:00.000Z",
"dateReserved": "2007-12-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:02:35.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6278 (GCVE-0-2007-6278)
Vulnerability from cvelistv5 – Published: 2007-12-07 11:00 – Updated: 2024-08-07 16:02
VLAI
Summary
Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://research.eeye.com/html/advisories/publishe… | third-party-advisoryx_refsource_EEYE |
| http://www.securitytracker.com/id?1018974 | vdb-entryx_refsource_SECTRACK |
| http://securityreason.com/securityalert/3423 | third-party-advisoryx_refsource_SREASON |
| http://www.kb.cert.org/vuls/id/544656 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/archive/1/483765/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2007-11-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "AD20071115",
"tags": [
"third-party-advisory",
"x_refsource_EEYE",
"x_transferred"
],
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"name": "1018974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018974"
},
{
"name": "3423",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3423"
},
{
"name": "VU#544656",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"name": "20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (--\u003e) for the FLAC image file in a crafted .FLAC file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "AD20071115",
"tags": [
"third-party-advisory",
"x_refsource_EEYE"
],
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"name": "1018974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018974"
},
{
"name": "3423",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3423"
},
{
"name": "VU#544656",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"name": "20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (--\u003e) for the FLAC image file in a crafted .FLAC file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "AD20071115",
"refsource": "EEYE",
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"name": "1018974",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018974"
},
{
"name": "3423",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3423"
},
{
"name": "VU#544656",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"name": "20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6278",
"datePublished": "2007-12-07T11:00:00.000Z",
"dateReserved": "2007-12-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:02:36.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6279 (GCVE-0-2007-6279)
Vulnerability from cvelistv5 – Published: 2007-12-07 11:00 – Updated: 2024-08-07 16:02
VLAI
Summary
Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://research.eeye.com/html/advisories/publishe… | third-party-advisoryx_refsource_EEYE |
| http://www.securitytracker.com/id?1018974 | vdb-entryx_refsource_SECTRACK |
| http://securityreason.com/securityalert/3423 | third-party-advisoryx_refsource_SREASON |
| http://www.kb.cert.org/vuls/id/544656 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/archive/1/483765/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2007-11-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "AD20071115",
"tags": [
"third-party-advisory",
"x_refsource_EEYE",
"x_transferred"
],
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"name": "1018974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018974"
},
{
"name": "3423",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3423"
},
{
"name": "VU#544656",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"name": "20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "AD20071115",
"tags": [
"third-party-advisory",
"x_refsource_EEYE"
],
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"name": "1018974",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018974"
},
{
"name": "3423",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3423"
},
{
"name": "VU#544656",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"name": "20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "AD20071115",
"refsource": "EEYE",
"url": "http://research.eeye.com/html/advisories/published/AD20071115.html"
},
{
"name": "1018974",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018974"
},
{
"name": "3423",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3423"
},
{
"name": "VU#544656",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/544656"
},
{
"name": "20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483765/100/200/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6279",
"datePublished": "2007-12-07T11:00:00.000Z",
"dateReserved": "2007-12-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:02:36.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4619 (GCVE-0-2007-4619)
Vulnerability from cvelistv5 – Published: 2007-10-12 21:00 – Updated: 2024-08-07 15:01
VLAI
Summary
Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
31 references
Date Public
2007-10-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26042",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26042"
},
{
"name": "GLSA-200711-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-15.xml"
},
{
"name": "27507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27507"
},
{
"name": "27223",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27223"
},
{
"name": "DSA-1469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1469"
},
{
"name": "USN-540-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-540-1"
},
{
"name": "20071011 Multiple Vendor FLAC Library Multiple Integer Overflow Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608"
},
{
"name": "27210",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27210"
},
{
"name": "27601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27601"
},
{
"name": "ADV-2007-4061",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4061"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugzilla.redhat.com/show_bug.cgi?id=331991"
},
{
"name": "27780",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27780"
},
{
"name": "28548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28548"
},
{
"name": "FEDORA-2007-2596",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00035.html"
},
{
"name": "27878",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27878"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243"
},
{
"name": "27355",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27355"
},
{
"name": "27628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27628"
},
{
"name": "27399",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27399"
},
{
"name": "flac-media-files-bo(37187)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37187"
},
{
"name": "MDKSA-2007:214",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:214"
},
{
"name": "1018815",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018815"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1873"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=332571"
},
{
"name": "ADV-2007-3483",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3483"
},
{
"name": "RHSA-2007:0975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0975.html"
},
{
"name": "oval:org.mitre.oval:def:10571",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10571"
},
{
"name": "27625",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27625"
},
{
"name": "SUSE-SR:2007:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://flac.sourceforge.net/changelog.html#flac_1_2_1"
},
{
"name": "ADV-2007-3484",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3484"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26042",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26042"
},
{
"name": "GLSA-200711-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-15.xml"
},
{
"name": "27507",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27507"
},
{
"name": "27223",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27223"
},
{
"name": "DSA-1469",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1469"
},
{
"name": "USN-540-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-540-1"
},
{
"name": "20071011 Multiple Vendor FLAC Library Multiple Integer Overflow Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608"
},
{
"name": "27210",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27210"
},
{
"name": "27601",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27601"
},
{
"name": "ADV-2007-4061",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4061"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugzilla.redhat.com/show_bug.cgi?id=331991"
},
{
"name": "27780",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27780"
},
{
"name": "28548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28548"
},
{
"name": "FEDORA-2007-2596",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00035.html"
},
{
"name": "27878",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27878"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243"
},
{
"name": "27355",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27355"
},
{
"name": "27628",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27628"
},
{
"name": "27399",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27399"
},
{
"name": "flac-media-files-bo(37187)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37187"
},
{
"name": "MDKSA-2007:214",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:214"
},
{
"name": "1018815",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018815"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1873"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=332571"
},
{
"name": "ADV-2007-3483",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3483"
},
{
"name": "RHSA-2007:0975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0975.html"
},
{
"name": "oval:org.mitre.oval:def:10571",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10571"
},
{
"name": "27625",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27625"
},
{
"name": "SUSE-SR:2007:022",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://flac.sourceforge.net/changelog.html#flac_1_2_1"
},
{
"name": "ADV-2007-3484",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3484"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4619",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26042",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26042"
},
{
"name": "GLSA-200711-15",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-15.xml"
},
{
"name": "27507",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27507"
},
{
"name": "27223",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27223"
},
{
"name": "DSA-1469",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1469"
},
{
"name": "USN-540-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-540-1"
},
{
"name": "20071011 Multiple Vendor FLAC Library Multiple Integer Overflow Vulnerabilities",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608"
},
{
"name": "27210",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27210"
},
{
"name": "27601",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27601"
},
{
"name": "ADV-2007-4061",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4061"
},
{
"name": "http://bugzilla.redhat.com/show_bug.cgi?id=331991",
"refsource": "CONFIRM",
"url": "http://bugzilla.redhat.com/show_bug.cgi?id=331991"
},
{
"name": "27780",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27780"
},
{
"name": "28548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28548"
},
{
"name": "FEDORA-2007-2596",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00035.html"
},
{
"name": "27878",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27878"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243"
},
{
"name": "27355",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27355"
},
{
"name": "27628",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27628"
},
{
"name": "27399",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27399"
},
{
"name": "flac-media-files-bo(37187)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37187"
},
{
"name": "MDKSA-2007:214",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:214"
},
{
"name": "1018815",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018815"
},
{
"name": "https://issues.rpath.com/browse/RPL-1873",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1873"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=332571",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=332571"
},
{
"name": "ADV-2007-3483",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3483"
},
{
"name": "RHSA-2007:0975",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0975.html"
},
{
"name": "oval:org.mitre.oval:def:10571",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10571"
},
{
"name": "27625",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27625"
},
{
"name": "SUSE-SR:2007:022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html"
},
{
"name": "http://flac.sourceforge.net/changelog.html#flac_1_2_1",
"refsource": "CONFIRM",
"url": "http://flac.sourceforge.net/changelog.html#flac_1_2_1"
},
{
"name": "ADV-2007-3484",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3484"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4619",
"datePublished": "2007-10-12T21:00:00.000Z",
"dateReserved": "2007-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:01:09.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}