CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Percentile: 97.5%
CentOS Errata and Security Advisory CESA-2007:0975
FLAC is a Free Lossless Audio Codec. The flac package consists of a FLAC
encoder and decoder in library form, a program to encode and decode FLAC
files, a metadata editor for FLAC files and input plugins for various music
players.
A security flaw was found in the way flac processed audio data. An
attacker could create a carefully crafted FLAC audio file in such a way that
it could cause an application linked with flac libraries to crash or execute
arbitrary code when it was opened. (CVE-2007-4619)
Users of flac are advised to upgrade to this updated package, which
contains a backported patch that resolves this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-October/076492.html
https://lists.centos.org/pipermail/centos-announce/2007-October/076493.html
https://lists.centos.org/pipermail/centos-announce/2007-October/076502.html
https://lists.centos.org/pipermail/centos-announce/2007-October/076503.html
https://lists.centos.org/pipermail/centos-announce/2007-October/076508.html
https://lists.centos.org/pipermail/centos-announce/2007-October/076509.html
Affected packages:
flac
flac-devel
xmms-flac
Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0975
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | s390 | flac | < 1.1.0-7.c4.2 | flac-1.1.0-7.c4.2.s390.rpm |
CentOS | 4 | s390 | flac-devel | < 1.1.0-7.c4.2 | flac-devel-1.1.0-7.c4.2.s390.rpm |
CentOS | 4 | s390 | xmms-flac | < 1.1.0-7.c4.2 | xmms-flac-1.1.0-7.c4.2.s390.rpm |
CentOS | 4 | s390x | flac | < 1.1.0-7.c4.2 | flac-1.1.0-7.c4.2.s390x.rpm |
CentOS | 4 | s390x | flac-devel | < 1.1.0-7.c4.2 | flac-devel-1.1.0-7.c4.2.s390x.rpm |
CentOS | 4 | s390x | xmms-flac | < 1.1.0-7.c4.2 | xmms-flac-1.1.0-7.c4.2.s390x.rpm |
CentOS | 4 | ia64 | flac | < 1.1.0-7.c4.2 | flac-1.1.0-7.c4.2.ia64.rpm |
CentOS | 4 | ia64 | flac-devel | < 1.1.0-7.c4.2 | flac-devel-1.1.0-7.c4.2.ia64.rpm |
CentOS | 4 | ia64 | xmms-flac | < 1.1.0-7.c4.2 | xmms-flac-1.1.0-7.c4.2.ia64.rpm |
CentOS | 4 | i386 | flac | < 1.1.0-7.el4_5.2 | flac-1.1.0-7.el4_5.2.i386.rpm |