CVE-2007-4974
Published 2007-09-19
CVE-2007-4974: Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC…
Priority P337 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 4.49% (90.3th percentile)
Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ardour | ardour | >= 0 < 1:2.1-1.1 | 1:2.1-1.1 |
| debian | ardour | < ardour 1:2.1-1.1 (bookworm) | ardour 1:2.1-1.1 (bookworm) |
| debian | libsndfile | < ardour 1:2.1-1.1 (bookworm) | ardour 1:2.1-1.1 (bookworm) |
| libsndfile_project | libsndfile | >= 0 < 1.0.17-4 | 1.0.17-4 |
| mega-nerd | libsndfile | <= 1.0.17 | — |
| mega-nerd | libsndfile | — | — |
CVSS provenance
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 7.5 · HIGH
vendor_debian · 7.5 · MEDIUM
vendor_redhat · 7.5 · HIGH
GHSA
GHSA-h6f6-m3cj-r7wc: Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1
ghsa_unreviewed·2022-05-01
CVE-2007-4974 [HIGH] CWE-119
OSV
CVE-2007-4974: Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1
osv·2007-09-19·CVSS 7.5
Ubuntu
libsndfile vulnerability
vendor_ubuntu·2007-10-04
Robert Buchholz discovered that libsndfile did not correctly validate the
size of its memory buffers. If a user were tricked into playing a specially
crafted FLAC file, a remote attacker could execute arbitrary code with user
privileges.
Instructions: After a standard system upgrade you need to restart your session to effect
the necessary changes.
Red Hat
Heap overflow in libsndfile triggerable by seeks
vendor_redhat·2007-09-16·CVSS 7.5
Debian
CVE-2007-4974: ardour - Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17...
vendor_debian·2007·CVSS 7.5
Scope: local
bookworm: resolved (fixed in 1:2.1-1.1)
bullseye: resolved (fixed in 1:2.1-1.1)
forky: resolved (fixed in 1:2.1-1.1)
sid: resolved (fixed in 1:2.1-1.1)
trixie: resolved (fixed in 1:2.1-1.1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2007-4974 Heap overflow in libsndfile triggerable by seeks
bugzilla·2008-01-28·CVSS 7.5
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-4974 to the following vulnerability:
Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size.
References:
https://bugs.gentoo.org/show_bug.cgi?id=192834
https://bugzilla.redhat.com/show_bug.cgi?id=296221
http://www.debian.org/security/2007/dsa-1442
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00344.html
http://security.gentoo.org/glsa/glsa-200710-04.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:191
http://lists.open
Bugzilla
CVE-2007-4974 Heap overflow in libsndfile triggerable by seeks
bugzilla·2007-09-19·CVSS 7.5
Description of problem:
To quote Robert Buchholz of Gentoo:
The issue was already known upstream and a change in
libsndfile-1.0.18pre17 [2] addressed it, but does not fix it robustly.
Attached is a fix for 1.0.17 (line numbers are including Gentoo's FLAC
patches [3]) that was approved by upstream.
[2] http://www.mega-nerd.com/tmp/libsndfile-1.0.18pre17.tar.gz
[3] http://distfiles.gentoo.org/distfiles/libsndfile-1.0.17+flac-1.1.3.patch.bz2
Additional info:
See URL for more details. A CVE identifier for this issue was already requested.
Discussion:
libsndfile-1.0.17-2.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
References:
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
http://secunia.com/advisories/26921
http://secunia.com/advisories/26932
http://secunia.com/advisories/27018
http://secunia.com/advisories/27071
http://secunia.com/advisories/27100
http://secunia.com/advisories/28265
http://secunia.com/advisories/28412
http://security.gentoo.org/glsa/glsa-200710-04.xml
http://www.debian.org/security/2007/dsa-1442
http://www.mandriva.com/security/advisories?name=MDKSA-2007:191
http://www.securityfocus.com/bid/25758
http://www.ubuntu.com/usn/usn-525-1
http://www.vupen.com/english/advisories/2007/3241
https://bugs.gentoo.org/show_bug.cgi?id=192834
https://bugzilla.redhat.com/show_bug.cgi?id=296221
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00344.html