Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2007-4619

Published: 12/10/2007 Updated: 29/09/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Flac

Vulnerability Summary

Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC prior to 1.2.1, as used in Winamp prior to 5.5 and other products, allow user-assisted remote malicious users to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.

Vulnerable Product Search on Vulmon Subscribe to Product

flac libflac

nullsoft winamp

Vendor Advisories

Ubuntu Security Notice: flac vulnerability
Sean de Regge discovered that flac did not properly perform bounds checking in many situations An attacker could send a specially crafted FLAC audio file and execute arbitrary code as the user or cause a denial of service in flac or applications that link against flac ...

References

CWE-189http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608http://flac.sourceforge.net/changelog.html#flac_1_2_1http://www.securityfocus.com/bid/26042http://bugzilla.redhat.com/show_bug.cgi?id=331991https://bugzilla.redhat.com/show_bug.cgi?id=332571http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243https://issues.rpath.com/browse/RPL-1873https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00035.htmlhttp://security.gentoo.org/glsa/glsa-200711-15.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:214http://www.redhat.com/support/errata/RHSA-2007-0975.htmlhttp://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.htmlhttp://www.ubuntu.com/usn/usn-540-1http://securitytracker.com/id?1018815http://secunia.com/advisories/27210http://secunia.com/advisories/27223http://secunia.com/advisories/27355http://secunia.com/advisories/27507http://secunia.com/advisories/27625http://secunia.com/advisories/27601http://secunia.com/advisories/27628http://secunia.com/advisories/27780http://secunia.com/advisories/27399http://secunia.com/advisories/27878http://www.debian.org/security/2008/dsa-1469http://secunia.com/advisories/28548http://www.vupen.com/english/advisories/2007/3483http://www.vupen.com/english/advisories/2007/3484http://www.vupen.com/english/advisories/2007/4061https://exchange.xforce.ibmcloud.com/vulnerabilities/37187https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10571https://usn.ubuntu.com/540-1/https://nvd.nist.govhttps://www.kb.cert.org/vuls/id/544656
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook