CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
97.9%
Issue Overview:
A buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash or execute arbitrary code when the file was read. (CVE-2014-9028)
A buffer over-read flaw was found in the way flac processed certain ID3v2 metadata. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash when the file was read. (CVE-2014-8962)
Affected Packages:
flac
Issue Correction:
Run yum update flac to update your system.
New Packages:
i686:
flac-1.2.1-7.7.amzn1.i686
flac-devel-1.2.1-7.7.amzn1.i686
flac-debuginfo-1.2.1-7.7.amzn1.i686
src:
flac-1.2.1-7.7.amzn1.src
x86_64:
flac-devel-1.2.1-7.7.amzn1.x86_64
flac-1.2.1-7.7.amzn1.x86_64
flac-debuginfo-1.2.1-7.7.amzn1.x86_64
Red Hat: CVE-2014-8962, CVE-2014-9028
Mitre: CVE-2014-8962, CVE-2014-9028
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | flac | < 1.2.1-7.7.amzn1 | flac-1.2.1-7.7.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | flac-devel | < 1.2.1-7.7.amzn1 | flac-devel-1.2.1-7.7.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | flac-debuginfo | < 1.2.1-7.7.amzn1 | flac-debuginfo-1.2.1-7.7.amzn1.i686.rpm |
Amazon Linux | 1 | x86_64 | flac-devel | < 1.2.1-7.7.amzn1 | flac-devel-1.2.1-7.7.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | flac | < 1.2.1-7.7.amzn1 | flac-1.2.1-7.7.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | flac-debuginfo | < 1.2.1-7.7.amzn1 | flac-debuginfo-1.2.1-7.7.amzn1.x86_64.rpm |