CVE - CVE-2007-4619

CVE-ID
CVE-2007-4619	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
IDEFENSE:20071011 Multiple Vendor FLAC Library Multiple Integer Overflow Vulnerabilities URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608 CONFIRM:http://flac.sourceforge.net/changelog.html#flac_1_2_1 CONFIRM:http://bugzilla.redhat.com/show_bug.cgi?id=331991 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=332571 CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243 CONFIRM:https://issues.rpath.com/browse/RPL-1873 DEBIAN:DSA-1469 URL:http://www.debian.org/security/2008/dsa-1469 FEDORA:FEDORA-2007-2596 URL:https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00035.html GENTOO:GLSA-200711-15 URL:http://security.gentoo.org/glsa/glsa-200711-15.xml MANDRIVA:MDKSA-2007:214 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:214 REDHAT:RHSA-2007:0975 URL:http://www.redhat.com/support/errata/RHSA-2007-0975.html SUSE:SUSE-SR:2007:022 URL:http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html UBUNTU:USN-540-1 URL:http://www.ubuntu.com/usn/usn-540-1 BID:26042 URL:http://www.securityfocus.com/bid/26042 OVAL:oval:org.mitre.oval:def:10571 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10571 VUPEN:ADV-2007-3483 URL:http://www.vupen.com/english/advisories/2007/3483 VUPEN:ADV-2007-3484 URL:http://www.vupen.com/english/advisories/2007/3484 VUPEN:ADV-2007-4061 URL:http://www.vupen.com/english/advisories/2007/4061 SECTRACK:1018815 URL:http://securitytracker.com/id?1018815 SECUNIA:27210 URL:http://secunia.com/advisories/27210 SECUNIA:27223 URL:http://secunia.com/advisories/27223 SECUNIA:27355 URL:http://secunia.com/advisories/27355 SECUNIA:27507 URL:http://secunia.com/advisories/27507 SECUNIA:27625 URL:http://secunia.com/advisories/27625 SECUNIA:27601 URL:http://secunia.com/advisories/27601 SECUNIA:27628 URL:http://secunia.com/advisories/27628 SECUNIA:27780 URL:http://secunia.com/advisories/27780 SECUNIA:27399 URL:http://secunia.com/advisories/27399 SECUNIA:27878 URL:http://secunia.com/advisories/27878 SECUNIA:28548 URL:http://secunia.com/advisories/28548 XF:flac-media-files-bo(37187) URL:http://xforce.iss.net/xforce/xfdb/37187
Date Entry Created
20070830	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070830)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Common Vulnerabilities and Exposures

CVE-2007-4619