Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libflac | Flac | * | 1.2 (including) |
| Flac | Ubuntu | dapper | * |
| Flac | Ubuntu | edgy | * |
| Flac | Ubuntu | feisty | * |
| Flac | Ubuntu | gutsy | * |
| Flac | Ubuntu | upstream | * |
References
- http://research.eeye.com/html/advisories/published/AD20071115.html
- http://securityreason.com/securityalert/3423
- http://www.kb.cert.org/vuls/id/544656
- http://www.securityfocus.com/archive/1/483765/100/200/threaded
- http://www.securitytracker.com/id?1018974
- http://research.eeye.com/html/advisories/published/AD20071115.html
- http://securityreason.com/securityalert/3423
- http://www.kb.cert.org/vuls/id/544656
- http://www.securityfocus.com/archive/1/483765/100/200/threaded
- http://www.securitytracker.com/id?1018974