CVE-2007-6279

2007-12-0700:00:00

ubuntu.com

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.467

Percentile

97.5%

JSON

Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC)
libFLAC before 1.2.1 allow user-assisted remote attackers to execute
arbitrary code via malformed (1) Seektable values or (2) Seektable Data
Offsets in a .FLAC file.

Notes

Author	Note
jdstrand	iDefense information had virtually no details, however the Ubuntu fix for CVE-2007-4619 has several seektable checks before free, so I am marking this as fixed. note that CVE-2007-4619 was very general and came out before the iDefense CVEs, so there is overlap

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchflac< 1.1.2-3ubuntu1.1UNKNOWN
ubuntu6.10noarchflac< 1.1.2-5ubuntu1.1UNKNOWN
ubuntu7.04noarchflac< 1.1.2-5ubuntu2.1UNKNOWN
ubuntu7.10noarchflac< 1.1.4-3ubuntu1.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	flac	< 1.1.2-3ubuntu1.1	UNKNOWN
ubuntu	6.10	noarch	flac	< 1.1.2-5ubuntu1.1	UNKNOWN
ubuntu	7.04	noarch	flac	< 1.1.2-5ubuntu2.1	UNKNOWN
ubuntu	7.10	noarch	flac	< 1.1.4-3ubuntu1.1	UNKNOWN