Vulmon
libflac vulnerabilities and exploits
9.3
CVSSv2
CVE-2007-6277
Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC prior to 1.2.1 allow user-assisted remote malicious users to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Descriptio...
Flac Libflac
9.3
CVSSv2
CVE-2007-6278
Free Lossless Audio Codec (FLAC) libFLAC prior to 1.2.1 allows user-assisted remote malicious users to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file.
Flac Libflac
9.3
CVSSv2
CVE-2007-6279
Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC prior to 1.2.1 allow user-assisted remote malicious users to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file.
Flac Libflac
7.5
CVSSv2
CVE-2014-9028
Heap-based buffer overflow in stream_decoder.c in libFLAC prior to 1.3.1 allows remote malicious users to execute arbitrary code via a crafted .flac file.
Flac Libflac
9.3
CVSSv2
CVE-2007-4619
Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC prior to 1.2.1, as used in Winamp prior to 5.5 and other products, allow user-assisted remote malicious users to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resul...
Flac Libflac
Nullsoft Winamp
10
CVSSv2
CVE-2016-2429
libFLAC/stream_decoder.c in mediaserver in Android 4.x prior to 4.4.4, 5.0.x prior to 5.0.2, 5.1.x prior to 5.1.1, and 6.x prior to 2016-05-01 does not prevent free operations on uninitialized memory, which allows remote malicious users to execute arbitrary code or cause a denial...
Google Android 5.0
Google Android 4.4.3
Google Android 4.4.2
Google Android 4.4.1
Google Android 6.0.1
Google Android 4.2
Google Android 4.1.2
Google Android 4.1
Google Android 4.0.4
Google Android 5.1.0
Google Android 5.0.1
Google Android 4.4
Google Android 4.3
Google Android 4.2.1
Google Android 4.0.3
Google Android 4.0.1
Google Android 6.0
Google Android 5.1
Google Android 4.3.1
Google Android 4.2.2
Google Android 4.0.2
Google Android 4.0
4.3
CVSSv2
CVE-2017-6888
An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.
Flac Project Flac
Debian Debian Linux 9.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33