CVE-2014-9028
Published 2014-11-26
CVE-2014-9028: Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
Priority P3 · 46 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 9.85% (95.0th percentile)
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | flac | < flac 1.3.0-3 (bookworm) | flac 1.3.0-3 (bookworm) |
| flac | libflac | <= 1.3.0 | — |
| flac_project | flac | >= 0 < 1.3.0-3 | 1.3.0-3 |
| flac_project | flac | >= 0 < 1.3.0-3 | 1.3.0-3 |
| flac_project | flac | >= 0 < 1.3.0-3 | 1.3.0-3 |
| flac_project | flac | >= 0 < 1.3.0-3 | 1.3.0-3 |
| android | — | — | — |
CVSS provenance
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 7.5 · HIGH
vendor_debian · 7.5 · HIGH
vendor_redhat · 7.5 · HIGH
Android
CVE-2014-9028: Android Security Bulletin 2015-10-01
CVE: CVE-2014-9028
Severity: CRITICAL
Affected AOSP versions: 5
vendor_android·2015-10-01·CVSS 7.5
CVE-2014-9028 [HIGH] CVE-2014-9028: Android Security Bulletin 2015-10-01
Android Security Bulletin 2015-10-01
CVE: CVE-2014-9028
Severity: CRITICAL
Affected AOSP versions: 5.1 and below
Ubuntu
FLAC vulnerabilities
vendor_ubuntu·2014-11-27
CVE-2014-8962 FLAC vulnerabilities
Title: FLAC vulnerabilities
Summary: FLAC could be made to crash or run programs as your login if it opened a
specially crafted file.
Michele Spagnuolo discovered that FLAC incorrectly handled certain
malformed audio files. An attacker could use this issue to cause FLAC to
crash, resulting in a denial of service, or possibly execute arbitrary
code.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
flac: Heap buffer write overflow in read_residual_partitioned_rice_
vendor_redhat·2014-11-25·CVSS 7.5
CVE-2014-9028 [HIGH] CWE-122 flac: Heap buffer write overflow in read_residual_partitioned_rice_
Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
A buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash or execute arbitrary code when the file was read.
Package: flac (Red Hat Enterprise Linux 5) - Will not fix
Debian
CVE-2014-9028: flac - Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows re...
vendor_debian·2014·CVSS 7.5
CVE-2014-9028 [HIGH] CVE-2014-9028: flac - Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows re...
Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
Scope: local
bookworm: resolved (fixed in 1.3.0-3)
bullseye: resolved (fixed in 1.3.0-3)
forky: resolved (fixed in 1.3.0-3)
sid: resolved (fixed in 1.3.0-3)
trixie: resolved (fixed in 1.3.0-3)
GHSA
GHSA-6x2f-7ggw-rc86: Heap-based buffer overflow in stream_decoder
ghsa_unreviewed·2022-05-14
CVE-2014-9028 [HIGH] CWE-119 GHSA-6x2f-7ggw-rc86: Heap-based buffer overflow in stream_decoder
Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
OSV
CVE-2014-9028: Heap-based buffer overflow in stream_decoder
osv·2014-11-26·CVSS 7.5
CVE-2014-9028 [HIGH] CVE-2014-9028: Heap-based buffer overflow in stream_decoder
Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-9028 CVE-2014-8962 mingw-flac: various flaws [fedora-all]
bugzilla·2014-12-02·CVSS 7.5
CVE-2014-9028 [HIGH] CVE-2014-9028 CVE-2014-8962 mingw-flac: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. Whi
Bugzilla
CVE-2014-9028 CVE-2014-8962 xmms-flac: various flaws [fedora-all]
bugzilla·2014-12-02·CVSS 7.5
CVE-2014-9028 [HIGH] CVE-2014-9028 CVE-2014-8962 xmms-flac: various flaws [fedora-all]
Bugzilla
CVE-2014-9028 CVE-2014-8962 flac: various flaws [fedora-all]
bugzilla·2014-12-02·CVSS 7.5
CVE-2014-9028 [HIGH] CVE-2014-9028 CVE-2014-8962 flac: various flaws [fedora-all]
Bugzilla
CVE-2014-9028 flac: Heap buffer write overflow in read_residual_partitioned_rice_
bugzilla·2014-11-25·CVSS 7.5
CVE-2014-9028 [HIGH] CVE-2014-9028 flac: Heap buffer write overflow in read_residual_partitioned_rice_
It was reported [1] that there's a vulnerability in flac which caused the stream decoder to write to un-allocated heap space resulting in a segfault.
Upstream commit for this issue is at [2].
[1]: http://lists.xiph.org/pipermail/flac-dev/2014-November/005226.html
[2]: https://git.xiph.org/?p=flac.git;a=commitdiff;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85
Discussion:
The upstream commit at [2] doesn't seem to fix this problem completely, please see other mails in the thread [1].
---
The second part of the fix is in this commit:
https://git.xiph.org/?p=flac.git;a=commit;h=5a365996d739bdf4711af51d9c2c71c8a5e14660
This is in the new flac-1.3.1 release.
---
Created mingw-flac tracking bugs for this issue
http://advisories.mageia.org/MGASA-2014-0499.html
http://lists.opensuse.org/opensuse-updates/2014-12/msg00034.html
http://packetstormsecurity.com/files/129261/libFLAC-1.3.0-Stack-Overflow-Heap-Overflow-Code-Execution.html
http://rhn.redhat.com/errata/RHSA-2015-0767.html
http://www.debian.org/security/2014/dsa-3082
http://www.mandriva.com/security/advisories?name=MDVSA-2014:239
http://www.mandriva.com/security/advisories?name=MDVSA-2015:188
http://www.ocert.org/advisories/ocert-2014-008.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.securityfocus.com/archive/1/534083/100/0/threaded
http://www.securityfocus.com/bid/71282
http://www.ubuntu.com/usn/USN-2426-1
https://git.xiph.org/?p=flac.git%3Ba=commit%3Bh=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85
Published 2014-11-26