CVE-2007-4619 - Numeric Errors vulnerability in multiple products

CVSS: 9.3 - CRITICAL
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, flac, nullsoft, CWE-189, critical, nessus

Summary

Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2007-0975.NASL
    description: An updated flac package to correct a security issue is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. FLAC is a Free Lossless Audio Codec. The flac package consists of a FLAC encoder and decoder in library form, a program to encode and decode FLAC files, a metadata editor for FLAC files and input plugins for various music players. A security flaw was found in the way flac processed audio data. An attacker could create a carefully crafted FLAC audio file in such a way that it could cause an application linked with flac libraries to crash or execute arbitrary code when it was opened. (CVE-2007-4619) Users of flac are advised to upgrade to this updated package, which contains a backported patch that resolves this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27539
    published: 2007-10-25
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/27539
    title: CentOS 4 / 5 : flac (CESA-2007:0975)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200711-15.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200711-15 (FLAC: Buffer overflow) Sean de Regge reported multiple integer overflows when processing FLAC media files that could lead to improper memory allocations resulting in heap-based buffer overflows. Impact : A remote attacker could entice a user to open a specially crafted FLAC file or network stream with an application using FLAC. This might lead to the execution of arbitrary code with privileges of the user playing the file. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 28198
    published: 2007-11-14
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/28198
    title: GLSA-200711-15 : FLAC: Buffer overflow
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-540-1.NASL
    description: Sean de Regge discovered that flac did not properly perform bounds checking in many situations. An attacker could send a specially crafted FLAC audio file and execute arbitrary code as the user or cause a denial of service in flac or applications that link against flac. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 28208
    published: 2007-11-14
    reporter: Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/28208
    title: Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : flac vulnerability (USN-540-1)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1469.NASL
    description: Sean de Regge and Greg Linares discovered multiple heap and stack based buffer overflows in FLAC, the Free Lossless Audio Codec, which could lead to the execution of arbitrary code.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 30061
    published: 2008-01-27
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/30061
    title: Debian DSA-1469-1 : flac - several vulnerabilities
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_FF65EECB91E411DCBD6C0016179B2DD5.NASL
    description: iDefense Labs reports : Remote exploitation of multiple integer overflow vulnerabilities in libFLAC, as included with various vendor
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 28196
    published: 2007-11-14
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/28196
    title: FreeBSD : flac -- media file processing integer overflow vulnerabilities (ff65eecb-91e4-11dc-bd6c-0016179b2dd5)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_FLAC-4571.NASL
    description: Multiple integer overflows in flac could potentially be exploited by attackers via specially crafted files to execute code in the context of the user opening the file (CVE-2007-4619).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27530
    published: 2007-10-24
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/27530
    title: openSUSE 10 Security Update : flac (flac-4571)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE9_11926.NASL
    description: Multiple integer overflows in flac could potentially be exploited by attackers via specially crafted files to execute code in the context of the user opening the file. (CVE-2007-4619)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41157
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41157
    title: SuSE9 Security Update : flac (YOU Patch Number 11926)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_FLAC-4569.NASL
    description: Multiple integer overflows in flac could potentially be exploited by attackers via specially crafted files to execute code in the context of the user opening the file. (CVE-2007-4619)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 29431
    published: 2007-12-13
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/29431
    title: SuSE 10 Security Update : flac (ZYPP Patch Number 4569)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2007-0975.NASL
    description: An updated flac package to correct a security issue is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. FLAC is a Free Lossless Audio Codec. The flac package consists of a FLAC encoder and decoder in library form, a program to encode and decode FLAC files, a metadata editor for FLAC files and input plugins for various music players. A security flaw was found in the way flac processed audio data. An attacker could create a carefully crafted FLAC audio file in such a way that it could cause an application linked with flac libraries to crash or execute arbitrary code when it was opened. (CVE-2007-4619) Users of flac are advised to upgrade to this updated package, which contains a backported patch that resolves this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27567
    published: 2007-10-25
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/27567
    title: RHEL 4 / 5 : flac (RHSA-2007:0975)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20071022_FLAC_ON_SL5_X.NASL
    description: A security flaw was found in the way flac processed audio data. An attacker could create a carefully crafted FLAC audio file in such a way that it could cause an application linked with flac libraries to crash or execute arbitrary code when it was opened. (CVE-2007-4619) This update actually went out yesterday. We apologize for getting this e-mail out late.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60271
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60271
    title: Scientific Linux Security Update : flac on SL5.x, SL4.x i386/x86_64
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2007-2596.NASL
    description: - Wed Oct 17 2007 - Bastien Nocera <bnocera at redhat.com> - 1.2.1-1 - Update to 1.2.1 to fix CVE-2007-4619 (#332571) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27779
    published: 2007-11-06
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/27779
    title: Fedora 7 : flac-1.2.1-1.fc7 (2007-2596)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2007-214.NASL
    description: A security vulnerability was discovered in how flac processed audio data. An attacker could create a carefully crafted FLAC audio file that could cause an application linked against the flac libraries to crash or execute arbitrary code when opened. Updated packages have been patched to prevent this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27850
    published: 2007-11-09
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/27850
    title: Mandrake Linux Security Advisory : flac (MDKSA-2007:214)
  • NASL family: Windows
    NASL id: WINAMP_55.NASL
    description: The remote host is using Winamp, a popular media player for Windows. The version of Winamp installed on the remote Windows host contains a plug-in to handle playing FLAC files that contains several integer buffer overflow vulnerabilities. If an attacker can trick a user on the affected host into opening a specially crafted FLAC file, he may be able to leverage this issue to execute arbitrary code on the host subject to the user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27040
    published: 2007-10-12
    reporter: This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/27040
    title: Winamp < 5.5 FLAC Plug-in Multiple Buffer Overflows
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2007-0975.NASL
    description: From Red Hat Security Advisory 2007:0975 : An updated flac package to correct a security issue is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. FLAC is a Free Lossless Audio Codec. The flac package consists of a FLAC encoder and decoder in library form, a program to encode and decode FLAC files, a metadata editor for FLAC files and input plugins for various music players. A security flaw was found in the way flac processed audio data. An attacker could create a carefully crafted FLAC audio file in such a way that it could cause an application linked with flac libraries to crash or execute arbitrary code when it was opened. (CVE-2007-4619) Users of flac are advised to upgrade to this updated package, which contains a backported patch that resolves this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67590
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67590
    title: Oracle Linux 4 / 5 : flac (ELSA-2007-0975)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2007-730.NASL
    description: - Wed Oct 17 2007 - Bastien Nocera <bnocera at redhat.com> - 1.1.2-28 - Add patch from Takashi Iwai to fix CVE-2007-4619 (#332581) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27631
    published: 2007-11-06
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/27631
    title: Fedora Core 6 : flac-1.1.2-28 (2007-730)

Oval

accepted: 2013-04-29T04:06:46.941-04:00
class: vulnerability
contributors
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
    oval: oval:org.mitre.oval:def:11831
  • comment: CentOS Linux 4.x
    oval: oval:org.mitre.oval:def:16636
  • comment: Oracle Linux 4.x
    oval: oval:org.mitre.oval:def:15990
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 5
    oval: oval:org.mitre.oval:def:11414
  • comment: The operating system installed on the system is CentOS Linux 5.x
    oval: oval:org.mitre.oval:def:15802
  • comment: Oracle Linux 5.x
    oval: oval:org.mitre.oval:def:15459
description: Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.
family: unix
id: oval:org.mitre.oval:def:10571
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.
version: 27

Redhat

advisories
rhsa
id: RHSA-2007:0975
rpms
  • flac-0:1.1.0-7.el4_5.2
  • flac-0:1.1.2-28.el5_0.1
  • flac-debuginfo-0:1.1.0-7.el4_5.2
  • flac-debuginfo-0:1.1.2-28.el5_0.1
  • flac-devel-0:1.1.0-7.el4_5.2
  • flac-devel-0:1.1.2-28.el5_0.1
  • xmms-flac-0:1.1.0-7.el4_5.2

References