CVE-2007-4619 - Numeric Errors vulnerability in multiple products
Attack vector | NETWORK
Attack complexity | MEDIUM
Privileges required | NONE
Confidentiality impact | COMPLETE
Integrity impact | COMPLETE
Availability impact | COMPLETE
Summary
Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | CentOS Local Security Checks
NASL id | CENTOS_RHSA-2007-0975.NASL
description | An updated flac package to correct a security issue is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. FLAC is a Free Lossless Audio Codec. The flac package consists of a FLAC encoder and decoder in library form, a program to encode and decode FLAC files, a metadata editor for FLAC files and input plugins for various music players. A security flaw was found in the way flac processed audio data. An attacker could create a carefully crafted FLAC audio file in such a way that it could cause an application linked with flac libraries to crash or execute arbitrary code when it was opened. (CVE-2007-4619) Users of flac are advised to upgrade to this updated package, which contains a backported patch that resolves this issue.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 27539
published | 2007-10-25
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/27539
title | CentOS 4 / 5 : flac (CESA-2007:0975)

NASL family | Gentoo Local Security Checks
NASL id | GENTOO_GLSA-200711-15.NASL
description | The remote host is affected by the vulnerability described in GLSA-200711-15 (FLAC: Buffer overflow) Sean de Regge reported multiple integer overflows when processing FLAC media files that could lead to improper memory allocations resulting in heap-based buffer overflows. Impact : A remote attacker could entice a user to open a specially crafted FLAC file or network stream with an application using FLAC. This might lead to the execution of arbitrary code with privileges of the user playing the file. Workaround : There is no known workaround at this time.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 28198
published | 2007-11-14
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/28198
title | GLSA-200711-15 : FLAC: Buffer overflow

NASL family | Ubuntu Local Security Checks
NASL id | UBUNTU_USN-540-1.NASL
description | Sean de Regge discovered that flac did not properly perform bounds checking in many situations. An attacker could send a specially crafted FLAC audio file and execute arbitrary code as the user or cause a denial of service in flac or applications that link against flac. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 28208
published | 2007-11-14
reporter | Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/28208
title | Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : flac vulnerability (USN-540-1)

NASL family | Debian Local Security Checks
NASL id | DEBIAN_DSA-1469.NASL
description | Sean de Regge and Greg Linares discovered multiple heap and stack based buffer overflows in FLAC, the Free Lossless Audio Codec, which could lead to the execution of arbitrary code.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 30061
published | 2008-01-27
reporter | This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/30061
title | Debian DSA-1469-1 : flac - several vulnerabilities

NASL family | FreeBSD Local Security Checks
NASL id | FREEBSD_PKG_FF65EECB91E411DCBD6C0016179B2DD5.NASL
description | iDefense Labs reports : Remote exploitation of multiple integer overflow vulnerabilities in libFLAC, as included with various vendor
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 28196
published | 2007-11-14
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/28196
title | FreeBSD : flac -- media file processing integer overflow vulnerabilities (ff65eecb-91e4-11dc-bd6c-0016179b2dd5)

NASL family | SuSE Local Security Checks
NASL id | SUSE_FLAC-4571.NASL
description | Multiple integer overflows in flac could potentially be exploited by attackers via specially crafted files to execute code in the context of the user opening the file (CVE-2007-4619).
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 27530
published | 2007-10-24
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/27530
title | openSUSE 10 Security Update : flac (flac-4571)

NASL family | SuSE Local Security Checks
NASL id | SUSE9_11926.NASL
description | Multiple integer overflows in flac could potentially be exploited by attackers via specially crafted files to execute code in the context of the user opening the file. (CVE-2007-4619)
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 41157
published | 2009-09-24
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/41157
title | SuSE9 Security Update : flac (YOU Patch Number 11926)

NASL family | SuSE Local Security Checks
NASL id | SUSE_FLAC-4569.NASL
description | Multiple integer overflows in flac could potentially be exploited by attackers via specially crafted files to execute code in the context of the user opening the file. (CVE-2007-4619)
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 29431
published | 2007-12-13
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/29431
title | SuSE 10 Security Update : flac (ZYPP Patch Number 4569)

NASL family | Red Hat Local Security Checks
NASL id | REDHAT-RHSA-2007-0975.NASL
description | An updated flac package to correct a security issue is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. FLAC is a Free Lossless Audio Codec. The flac package consists of a FLAC encoder and decoder in library form, a program to encode and decode FLAC files, a metadata editor for FLAC files and input plugins for various music players. A security flaw was found in the way flac processed audio data. An attacker could create a carefully crafted FLAC audio file in such a way that it could cause an application linked with flac libraries to crash or execute arbitrary code when it was opened. (CVE-2007-4619) Users of flac are advised to upgrade to this updated package, which contains a backported patch that resolves this issue.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 27567
published | 2007-10-25
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/27567
title | RHEL 4 / 5 : flac (RHSA-2007:0975)

NASL family | Scientific Linux Local Security Checks
NASL id | SL_20071022_FLAC_ON_SL5_X.NASL
description | A security flaw was found in the way flac processed audio data. An attacker could create a carefully crafted FLAC audio file in such a way that it could cause an application linked with flac libraries to crash or execute arbitrary code when it was opened. (CVE-2007-4619) This update actually went out yesterday. We apologize for getting this e-mail out late.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 60271
published | 2012-08-01
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/60271
title | Scientific Linux Security Update : flac on SL5.x, SL4.x i386/x86_64

NASL family | Fedora Local Security Checks
NASL id | FEDORA_2007-2596.NASL
description | - Wed Oct 17 2007 - Bastien Nocera <bnocera at redhat.com> - 1.2.1-1 - Update to 1.2.1 to fix CVE-2007-4619 (#332571) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 27779
published | 2007-11-06
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/27779
title | Fedora 7 : flac-1.2.1-1.fc7 (2007-2596)

NASL family | Mandriva Local Security Checks
NASL id | MANDRAKE_MDKSA-2007-214.NASL
description | A security vulnerability was discovered in how flac processed audio data. An attacker could create a carefully crafted FLAC audio file that could cause an application linked against the flac libraries to crash or execute arbitrary code when opened. Updated packages have been patched to prevent this issue.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 27850
published | 2007-11-09
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/27850
title | Mandrake Linux Security Advisory : flac (MDKSA-2007:214)

NASL family | Windows
NASL id | WINAMP_55.NASL
description | The remote host is using Winamp, a popular media player for Windows. The version of Winamp installed on the remote Windows host contains a plug-in to handle playing FLAC files that contains several integer buffer overflow vulnerabilities. If an attacker can trick a user on the affected host into opening a specially crafted FLAC file, he may be able to leverage this issue to execute arbitrary code on the host subject to the user
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 27040
published | 2007-10-12
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/27040
title | Winamp < 5.5 FLAC Plug-in Multiple Buffer Overflows

NASL family | Oracle Linux Local Security Checks
NASL id | ORACLELINUX_ELSA-2007-0975.NASL
description | From Red Hat Security Advisory 2007:0975 : An updated flac package to correct a security issue is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. FLAC is a Free Lossless Audio Codec. The flac package consists of a FLAC encoder and decoder in library form, a program to encode and decode FLAC files, a metadata editor for FLAC files and input plugins for various music players. A security flaw was found in the way flac processed audio data. An attacker could create a carefully crafted FLAC audio file in such a way that it could cause an application linked with flac libraries to crash or execute arbitrary code when it was opened. (CVE-2007-4619) Users of flac are advised to upgrade to this updated package, which contains a backported patch that resolves this issue.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 67590
published | 2013-07-12
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/67590
title | Oracle Linux 4 / 5 : flac (ELSA-2007-0975)

NASL family | Fedora Local Security Checks
NASL id | FEDORA_2007-730.NASL
description | - Wed Oct 17 2007 - Bastien Nocera <bnocera at redhat.com> - 1.1.2-28 - Add patch from Takashi Iwai to fix CVE-2007-4619 (#332581) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 27631
published | 2007-11-06
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/27631
title | Fedora Core 6 : flac-1.1.2-28 (2007-730)
Oval
accepted | 2013-04-29T04:06:46.941-04:00
class | vulnerability
contributors |
definition_extensions |
description | Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.
family | unix
id | oval:org.mitre.oval:def:10571
status | accepted
submitted | 2010-07-09T03:56:16-04:00
title | Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.
version | 27
Redhat
advisories |
rpms |
References
- http://bugzilla.redhat.com/show_bug.cgi?id=331991
- http://flac.sourceforge.net/changelog.html#flac_1_2_1
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608
- http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html
- http://secunia.com/advisories/27210
- http://secunia.com/advisories/27223
- http://secunia.com/advisories/27355
- http://secunia.com/advisories/27399
- http://secunia.com/advisories/27507
- http://secunia.com/advisories/27601
- http://secunia.com/advisories/27625
- http://secunia.com/advisories/27628
- http://secunia.com/advisories/27780
- http://secunia.com/advisories/27878
- http://secunia.com/advisories/28548
- http://security.gentoo.org/glsa/glsa-200711-15.xml
- http://securitytracker.com/id?1018815
- http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243
- http://www.debian.org/security/2008/dsa-1469
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:214
- http://www.redhat.com/support/errata/RHSA-2007-0975.html
- http://www.securityfocus.com/bid/26042
- http://www.ubuntu.com/usn/usn-540-1
- http://www.vupen.com/english/advisories/2007/3483
- http://www.vupen.com/english/advisories/2007/3484
- http://www.vupen.com/english/advisories/2007/4061
- https://bugzilla.redhat.com/show_bug.cgi?id=332571
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37187
- https://issues.rpath.com/browse/RPL-1873
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10571
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00035.html