CVE-2007-6277

2007-12-0700:00:00

ubuntu.com

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.467

Percentile

97.5%

JSON

Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC
before 1.2.1 allow user-assisted remote attackers to execute arbitrary code
via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3)
Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture
Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height
values in a .FLAC file, which result in a heap-based overflow; and large
(8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture
MIME-Type URL, and (11) Picture Description Length values in a .FLAC file,
which result in a stack-based overflow. NOTE: some of these issues may
overlap CVE-2007-4619.

Bugs

<https://bugs.launchpad.net/bugs/185026>

Notes

Author	Note
jdstrand	debian DSA is identical except they left out a couple of safe_ calls. This was fixed in Ubuntu’s fix for CVE-2007-4619 note that CVE-2007-4619 was very general and came out before the iDefense CVEs, so there is overlap

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchflac< 1.1.2-3ubuntu1.1UNKNOWN
ubuntu6.10noarchflac< 1.1.2-5ubuntu1.1UNKNOWN
ubuntu7.04noarchflac< 1.1.2-5ubuntu2.1UNKNOWN
ubuntu7.10noarchflac< 1.1.4-3ubuntu1.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	flac	< 1.1.2-3ubuntu1.1	UNKNOWN
ubuntu	6.10	noarch	flac	< 1.1.2-5ubuntu1.1	UNKNOWN
ubuntu	7.04	noarch	flac	< 1.1.2-5ubuntu2.1	UNKNOWN
ubuntu	7.10	noarch	flac	< 1.1.4-3ubuntu1.1	UNKNOWN