CVE-2007-4619 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Flac
Severity
9.3CRITICALNVD
EPSS
7.9%
top 7.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 12
Latest updateMay 1
Description
Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.
CVSS vector
AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0
Affected Packages4 packages
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-26g4-r5qf-54qp: Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1↗2022-05-01
GHSA▶
GHSA-5955-gqmh-73gj: Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1↗2022-05-01
OSV▶
CVE-2007-6277: Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1↗2007-12-07
OSV▶
CVE-2007-4619: Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1↗2007-10-12
📋Vendor Advisories
6Debian▶
CVE-2007-6277: flac - Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2...↗2007