CVE-2007-6279 - Resource Management Errors vulnerability in Flac Libflac

CVSS 9.3 - CRITICAL
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, flac, CWE-399, critical

Summary

Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file.

Vulnerable Configurations

Part         Description  Count
Application  Flac         1

Common Weakness Enumeration (CWE)

Statements

Contributor: Mark J Cox
Last modified: 2007-12-11
Organization: Red Hat
Statement: This flaw is not exploitable to run arbitrary code and can only cause an application crash. Red Hat does not consider a crash of the flac application or applications that use flac libraries such as media players to be a security issue.