CVE-2007-6279 — Double Free in Flac

CWE-3996 documents6 sources

Severity

9.3CRITICALNVD

EPSS

2.8%

top 13.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Flac Project Flac Debian Flac Flac Libflac

Timeline

PublishedDec 7

Latest updateMay 1

Description

Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDflac/libflac1.2

▶debiandebian/flac< flac 1.2.1-1 (bookworm)

▶Debianflac_project/flac< 1.2.1-1+3

Patches

Patch: www.kb.cert.org ↗Patch: www.securitytracker.com ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-89cg-68j8-8mhg: Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1↗2022-05-01

▶

OSV

CVE-2007-6279: Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1↗2007-12-07

▶

📋Vendor Advisories

Red Hat

Double-frees via crafted FLAC file↗2007-11-15

▶

Debian

CVE-2007-6279: flac - Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC...↗2007

▶

💬Community

Bugzilla

CVE-2007-6279 Double-frees via crafted FLAC file↗2007-12-07

▶