ID CVE-2007-6279
Summary Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file.
References
Vulnerable Configurations
  • cpe:2.3:a:flac:libflac:*:*:*:*:*:*:*:*
    cpe:2.3:a:flac:libflac:*:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 15-10-2018 - 21:51)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bugtraq 20071115 EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications
cert-vn VU#544656
eeye AD20071115
sectrack 1018974
sreason 3423
statements via4
contributor Mark J Cox
lastmodified 2007-12-11
organization Red Hat
statement This flaw is not exploitable to run arbitrary code and can only cause an application crash. Red Hat does not consider a crash of the flac application or applications that use flac libraries such as media players to be a security issue.
Last major update 15-10-2018 - 21:51
Published 07-12-2007 - 11:46
Last modified 15-10-2018 - 21:51
Back to Top