Vulnerability Description
Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| FLAC | libFLAC | <= 1.2 |
| Nullsoft | Winamp | <= 5.35 |
Related Weaknesses (CWE)
References
- http://bugzilla.redhat.com/show_bug.cgi?id=331991
- http://flac.sourceforge.net/changelog.html#flac_1_2_1
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608
- http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html
- http://secunia.com/advisories/27210
- http://secunia.com/advisories/27223
- http://secunia.com/advisories/27355
- http://secunia.com/advisories/27399
- http://secunia.com/advisories/27507
- http://secunia.com/advisories/27601
- http://secunia.com/advisories/27625
- http://secunia.com/advisories/27628
- http://secunia.com/advisories/27780
- http://secunia.com/advisories/27878
- http://secunia.com/advisories/28548
FAQ
What is CVE-2007-4619?
CVE-2007-4619 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via...
How severe is CVE-2007-4619?
CVE-2007-4619 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-4619?
Check the references section above for vendor advisories and patch information. Affected products include: FLAC libFLAC, Nullsoft Winamp.