CVE - CVE-2007-4619

CVE-ID
CVE-2007-4619	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:26042 URL:http://www.securityfocus.com/bid/26042 CONFIRM:http://bugzilla.redhat.com/show_bug.cgi?id=331991 CONFIRM:http://flac.sourceforge.net/changelog.html#flac_1_2_1 CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=332571 CONFIRM:https://issues.rpath.com/browse/RPL-1873 DEBIAN:DSA-1469 URL:http://www.debian.org/security/2008/dsa-1469 FEDORA:FEDORA-2007-2596 URL:https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00035.html GENTOO:GLSA-200711-15 URL:http://security.gentoo.org/glsa/glsa-200711-15.xml IDEFENSE:20071011 Multiple Vendor FLAC Library Multiple Integer Overflow Vulnerabilities URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608 MANDRIVA:MDKSA-2007:214 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:214~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:10571 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10571 REDHAT:RHSA-2007:0975 URL:http://www.redhat.com/support/errata/RHSA-2007-0975.html SECTRACK:1018815 URL:http://securitytracker.com/id?1018815 SECUNIA:27210 URL:http://secunia.com/advisories/27210 SECUNIA:27223 URL:http://secunia.com/advisories/27223 SECUNIA:27355 URL:http://secunia.com/advisories/27355 SECUNIA:27399 URL:http://secunia.com/advisories/27399 SECUNIA:27507 URL:http://secunia.com/advisories/27507 SECUNIA:27601 URL:http://secunia.com/advisories/27601 SECUNIA:27625 URL:http://secunia.com/advisories/27625 SECUNIA:27628 URL:http://secunia.com/advisories/27628 SECUNIA:27780 URL:http://secunia.com/advisories/27780 SECUNIA:27878 URL:http://secunia.com/advisories/27878 SECUNIA:28548 URL:http://secunia.com/advisories/28548 SUSE:SUSE-SR:2007:022 URL:http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html UBUNTU:USN-540-1 URL:http://www.ubuntu.com/usn/usn-540-1 VUPEN:ADV-2007-3483 URL:~~http://www.vupen.com/english/advisories/2007/3483~~ (Obsolete source) VUPEN:ADV-2007-3484 URL:~~http://www.vupen.com/english/advisories/2007/3484~~ (Obsolete source) VUPEN:ADV-2007-4061 URL:~~http://www.vupen.com/english/advisories/2007/4061~~ (Obsolete source) XF:flac-media-files-bo(37187) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/37187
Assigning CNA
MITRE Corporation
Date Record Created
20070830	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070830)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)