CVE-2007-4619

2007-10-12 23:17:00 2017-09-29 03:29:20

Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Nullsoft Winamp 5.35 Flac Libflac 1.2 (not an official CPE)

Nullsoft - Winamp Flac - Libflac

Advisory	Patch	Confirmed	Link
			FEDORA-2007-2596
			flac-media-files-bo(37187)
			https://issues.rpath.com/browse/RPL-1873
			https://bugzilla.redhat.com/show_bug.cgi?id=332571
			ADV-2007-4061
			ADV-2007-3484
			ADV-2007-3483
			USN-540-1
			26042
			MDKSA-2007:214
			RHSA-2007:0975
			DSA-1469
			http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243
			1018815
			GLSA-200711-15
			SUSE-SR:2007:022
			http://flac.sourceforge.net/changelog.html#flac_1_2_1
			20071011 Multiple Vendor FLAC Library Multiple Integer O...
			http://bugzilla.redhat.com/show_bug.cgi?id=331991

CVE-2007-4619

2007-10-12 23:17:00 2017-09-29 03:29:20

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)