CVE-2007-4619
Published 2007-10-12
Priority P340 · critical · 9.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 6.75% (93.2th percentile)
Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | flac | < flac 1.2.1-1 (bookworm) | flac 1.2.1-1 (bookworm) |
| flac | libflac | <= 1.2 | — |
| flac_project | flac | >= 0 < 1.2.1-1 | 1.2.1-1 |
| flac_project | flac | >= 0 < 1.2.1-1 | 1.2.1-1 |
| flac_project | flac | >= 0 < 1.2.1-1 | 1.2.1-1 |
| flac_project | flac | >= 0 < 1.2.1-1 | 1.2.1-1 |
| nullsoft | winamp | <= 5.35 | — |
CVSS provenance
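| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| osv | — | 9.3 | CRITICAL | — |
| vendor_debian | — | 9.3 | MEDIUM | — |
| vendor_redhat | — | 9.3 | CRITICAL | — |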
GHSA
GHSA-26g4-r5qf-54qp: Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1
ghsa_unreviewed·2022-05-01
CVE-2007-4619 [HIGH] GHSA-26g4-r5qf-54qp: Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1
Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.
GHSA
GHSA-5955-gqmh-73gj: Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2007-6277 [CRITICAL] CWE-119 GHSA-5955-gqmh-73gj: Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1
Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow. NOTE: some of these issues may overlap CVE-2007-4619.
OSV
CVE-2007-6277: Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1
osv·2007-12-07·CVSS 9.3
CVE-2007-6277 [CRITICAL] CVE-2007-6277: Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1
Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow. NOTE: some of these issues may overlap CVE-2007-4619.
OSV
CVE-2007-4619: Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1
osv·2007-10-12·CVSS 9.3
CVE-2007-4619 [CRITICAL] CVE-2007-4619: Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1
Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.
Red Hat
libtirpc: rpcbind DoS in the taddr2uaddr XDR_DECODE
vendor_redhat·2008-10-17·CVSS 7.8
CVE-2008-4619 [HIGH] libtirpc: rpcbind DoS in the taddr2uaddr XDR_DECODE
The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function. NOTE: this might be a duplicate of CVE-2007-0165.
Red Hat
libflac: Multiple security issues fixed in 1.2.1
vendor_redhat·2007-11-15·CVSS 9.3
CVE-2007-6277 [CRITICAL] libflac: Multiple security issues fixed in 1.2.1
Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow. NOTE: some of these issues may overlap CVE-2007-4619.
Ubuntu
flac vulnerability
vendor_ubuntu·2007-11-13
CVE-2007-4619 flac vulnerability
Title: flac vulnerability
Summary: flac vulnerability
Sean de Regge discovered that flac did not properly perform bounds
checking in many situations. An attacker could send a specially crafted
FLAC audio file and execute arbitrary code as the user or cause a denial
of service in flac or applications that link against flac.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
FLAC Integer overflows
vendor_redhat·2007-10-11·CVSS 9.3
CVE-2007-4619 [CRITICAL] CWE-190 FLAC Integer overflows
Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.
Debian
CVE-2007-6277: flac - Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2...
vendor_debian·2007·CVSS 9.3
CVE-2007-6277 [CRITICAL] CVE-2007-6277: flac - Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2...
Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow. NOTE: some of these issues may overlap CVE-2007-4619.
Scope: local
bookworm: resolved (fixed in 1.2.1-1)
bullseye: resolved (fixed in 1.2.1-1)
forky: resolved (fixed in 1
Debian
CVE-2007-4619: flac - Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1....
vendor_debian·2007·CVSS 9.3
CVE-2007-4619 [CRITICAL] CVE-2007-4619: flac - Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1....
Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 1.2.1-1)
bullseye: resolved (fixed in 1.2.1-1)
forky: resolved (fixed in 1.2.1-1)
sid: resolved (fixed in 1.2.1-1)
trixie: resolved (fixed in 1.2.1-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2007-6277 libflac: Multiple security issues fixed in 1.2.1
bugzilla·2007-12-07·CVSS 9.3
CVE-2007-6277 [CRITICAL] CVE-2007-6277 libflac: Multiple security issues fixed in 1.2.1
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6277 to the following vulnerability:
Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow.
Bugzilla
CVE-2007-4619 FLAC Integer overflows [F7]
bugzilla·2007-10-15·CVSS 9.3
CVE-2007-4619 [CRITICAL] CVE-2007-4619 FLAC Integer overflows [F7]
F7 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
flac-1.2.1 built and pushed through the errata process.
---
flac-1.2.1-1.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update flac'
---
flac-1.2.1-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
Bugzilla
CVE-2007-4619 FLAC Integer overflows
bugzilla·2007-10-15·CVSS 9.3
CVE-2007-4619 [CRITICAL] CVE-2007-4619 FLAC Integer overflows
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-4619 to the following vulnerability:
Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.
References:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608
http://flac.sourceforge.net/changelog.html#flac_1_2_1
Discussion:
Created attachment 227581
Probably the fix for CVE-2007-4619 sucked from upstream CVS
---
Looks like an update would be needed on FC6, F7, RHEL3, RHEL4, and RHEL5.
Only problem being that w
Bugzilla
CVE-2007-4619 FLAC Integer overflows [FC6]
bugzilla·2007-10-15·CVSS 9.3
CVE-2007-4619 [CRITICAL] CVE-2007-4619 FLAC Integer overflows [FC6]
FC6 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
flac-1.1.2-28 pushed to testing.
References:
http://bugzilla.redhat.com/show_bug.cgi?id=331991
http://flac.sourceforge.net/changelog.html#flac_1_2_1
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html
http://secunia.com/advisories/27210
http://secunia.com/advisories/27223
http://secunia.com/advisories/27355
http://secunia.com/advisories/27399
http://secunia.com/advisories/27507
http://secunia.com/advisories/27601
http://secunia.com/advisories/27625
http://secunia.com/advisories/27628
http://secunia.com/advisories/27780
http://secunia.com/advisories/27878
http://secunia.com/advisories/28548
http://security.gentoo.org/glsa/glsa-200711-15.xml
http://securitytracker.com/id?1018815
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243
http://www.debian.org/security/2008/dsa-1469
http://www.mandriva.com/security/advisories?name=MDKSA-2007:214
http://www.redhat.com/support/errata/RHSA-2007-0975.html
http://www.securityfocus.com/bid/26042
http://www.ubuntu.com/usn/usn-540-1
http://www.vupen.com/english/advisories/2007/3483
http://www.vupen.com/english/advisories/2007/3484
http://www.vupen.com/english/advisories/2007/4061
https://bugzilla.redhat.com/show_bug.cgi?id=332571
https://exchange.xforce.ibmcloud.com/vulnerabilities/37187
https://issues.rpath.com/browse/RPL-1873
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10571
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00035.html