FLAC libFLAC Multiple Unspecified Integer Overflow Vulnerabilities
BID:26042
| Bugtraq ID: | 26042 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-4619, CVE-2007-6277, CVE-2007-6278, CVE-2007-6279 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 11 2007 12:00AM |
| Updated: | Mar 19 2015 09:39AM |
| Credit: | Sean de Regge is credited with the discovery of this issue. |
| Vulnerable: | VideoLAN VLC media player 0.8.6; VideoLAN VLC media player 0.8.6c; VideoLAN VLC media player 0.8.6b; VideoLAN VLC media player 0.8.6a; Ubuntu Ubuntu Linux 7.10 sparc; Ubuntu Ubuntu Linux 7.10 powerpc; Ubuntu Ubuntu Linux 7.10 i386; Ubuntu Ubuntu Linux 7.10 amd64; Ubuntu Ubuntu Linux 7.04 sparc; Ubuntu Ubuntu Linux 7.04 powerpc; Ubuntu Ubuntu Linux 7.04 i386; Ubuntu Ubuntu Linux 7.04 amd64; Ubuntu Ubuntu Linux 6.10 sparc; Ubuntu Ubuntu Linux 6.10 powerpc; Ubuntu Ubuntu Linux 6.10 i386; Ubuntu Ubuntu Linux 6.10 amd64; Ubuntu Ubuntu Linux 6.06 LTS sparc; Ubuntu Ubuntu Linux 6.06 LTS powerpc; Ubuntu Ubuntu Linux 6.06 LTS i386; Ubuntu Ubuntu Linux 6.06 LTS amd64; SuSE SUSE Linux Enterprise Server 9; SuSE SUSE Linux Enterprise Server 8; SuSE SUSE Linux Enterprise Server 10 SP1; SuSE SUSE Linux Enterprise Server 10; SuSE SUSE Linux Enterprise SDK 10.SP1; SuSE SUSE Linux Enterprise SDK 10; SuSE SUSE Linux Enterprise Desktop 10 SP1; SuSE SUSE Linux Enterprise Desktop 10; SuSE openSUSE 10.3; SuSE Linux Professional 10.2 x86_64; SuSE Linux Personal 10.2 x86_64; S.u.S.E. UnitedLinux 1.0; S.u.S.E. SuSE Linux Standard Server 8.0; S.u.S.E. SuSE Linux School Server for i386; S.u.S.E. SUSE LINUX Retail Solution 8.0; S.u.S.E. SuSE Linux Openexchange Server 4.0; S.u.S.E. openSUSE 10.2; S.u.S.E. Open-Enterprise-Server 0; S.u.S.E. Novell Linux POS 9; S.u.S.E. Novell Linux Desktop 9.0; S.u.S.E. Linux Professional 10.0 OSS; S.u.S.E. Linux Professional 10.0; S.u.S.E. Linux Professional 10.2; S.u.S.E. Linux Professional 10.1; S.u.S.E. Linux Personal 10.0 OSS; S.u.S.E. Linux Personal 10.2; S.u.S.E. Linux Personal 10.1; S.u.S.E. Linux Desktop 10; S.u.S.E. Linux 10.1 x86-64; S.u.S.E. Linux 10.1 x86; S.u.S.E. Linux 10.1 ppc; S.u.S.E. Linux 10.0 x86-64; S.u.S.E. Linux 10.0 x86; S.u.S.E. Linux 10.0 ppc; rPath rPath Linux 1; RedHat Enterprise Linux WS 4; RedHat Enterprise Linux ES 4; RedHat Enterprise Linux Desktop Workstation 5 client; RedHat Desktop 4.0; Red Hat Fedora Core7; Red Hat Enterprise Linux Desktop 5 client; Red Hat Enterprise Linux AS 4; Red Hat Enterprise Linux 5 Server; NullSoft Winamp 5.35; Mandriva Linux Mandrake 2008.0 x86_64; Mandriva Linux Mandrake 2008.0; Mandriva Linux Mandrake 2007.1 x86_64; Mandriva Linux Mandrake 2007.1; Mandriva Linux Mandrake 2007.0 x86_64; Mandriva Linux Mandrake 2007.0; MandrakeSoft Corporate Server 3.0 x86_64; MandrakeSoft Corporate Server 3.0; Gentoo Linux; FLAC FLAC 1.2; Debian Linux 3.1 sparc; Debian Linux 3.1 s/390; Debian Linux 3.1 ppc; Debian Linux 3.1 mipsel; Debian Linux 3.1 mips; Debian Linux 3.1 m68k; Debian Linux 3.1 ia-64; Debian Linux 3.1 ia-32; Debian Linux 3.1 hppa; Debian Linux 3.1 arm; Debian Linux 3.1 amd64; Debian Linux 3.1 alpha; Debian Linux 3.1; Debian Linux 4.0 sparc; Debian Linux 4.0 s/390; Debian Linux 4.0 powerpc; Debian Linux 4.0 mipsel; Debian Linux 4.0 mips; Debian Linux 4.0 m68k; Debian Linux 4.0 ia-64; Debian Linux 4.0 ia-32; Debian Linux 4.0 hppa; Debian Linux 4.0 arm; Debian Linux 4.0 amd64; Debian Linux 4.0 alpha; Debian Linux 4.0; Avaya Messaging Storage Server MM3.0; Avaya Messaging Storage Server 3.1; Avaya Message Networking MN 3.1; Avaya Message Networking 3.1; Avaya Intuity AUDIX LX 2.0 |
| Not Vulnerable: | VideoLAN VLC media player 0.8.6d; NullSoft Winamp 5.5; FLAC FLAC 1.2.1 |
Discussion
FLAC (Free Lossless Audio Codec) is prone to multiple remote integer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before allocating memory.
Remote attackers may exploit these issues by enticing victims into opening maliciously crafted FLAC files.
An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.
FLAC 1.2.0 is vulnerable; other versions may also be affected.
NOTE: Applications that include the affected libFLAC library are also affected.
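The bug class described above (a size taken from file data and used in allocation arithmetic without a bounds check), shown with the hardened form. This is an added example, not libFLAC code: the advisory does not specify the affected code, and the record layout, function names and MAX_FIELD_LEN cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record (constructed for this example, not FLAC's format):
 * a 4-byte big-endian length followed by that many bytes of text. */
#define MAX_FIELD_LEN (1u << 20)  /* assumed policy cap for one field */

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Size the flawed pattern would pass to malloc(): 32-bit len + 1 wraps
 * to 0 when len is 0xFFFFFFFF, so the buffer is far smaller than len. */
uint32_t unchecked_alloc_size(uint32_t len) { return len + 1u; }

/* Hardened reader: validates the length before any arithmetic on it.
 * Returns 0 and a NUL-terminated copy in *out, or -1 if rejected. */
int read_field_checked(const uint8_t *buf, size_t buf_len,
                       char **out, size_t *out_len) {
    if (buf_len < 4) return -1;               /* header missing */
    uint32_t len = read_be32(buf);
    if (len > buf_len - 4) return -1;         /* claims more than is present */
    if (len > MAX_FIELD_LEN) return -1;       /* exceeds policy cap */
    char *s = malloc((size_t)len + 1);        /* cannot wrap: len <= cap */
    if (s == NULL) return -1;
    memcpy(s, buf + 4, len);
    s[len] = '\0';
    *out = s;
    *out_len = len;
    return 0;
}

/* Constructed sample inputs. */
static const uint8_t sample_ok[]  = {0x00, 0x00, 0x00, 0x03, 'a', 'b', 'c'};
static const uint8_t sample_bad[] = {0xFF, 0xFF, 0xFF, 0xFF, 'a'};

int main(void) {
    char *s = NULL; size_t n = 0;
    int ok  = read_field_checked(sample_ok, sizeof sample_ok, &s, &n);
    int bad = read_field_checked(sample_bad, sizeof sample_bad, &s, &n);
    free(s);
    return (ok == 0 && bad == -1) ? 0 : 1;
}
```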
Exploit / POC
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor released FLAC 1.2.1 to address these issues. Please see the references for more information.
VideoLAN VLC media player 0.8.6b
- VideoLAN VLC media player 0.8.6d: http://www.videolan.org/vlc/
VideoLAN VLC media player 0.8.6c
- VideoLAN VLC media player 0.8.6d: http://www.videolan.org/vlc/
VideoLAN VLC media player 0.8.6
- VideoLAN VLC media player 0.8.6d: http://www.videolan.org/vlc/
FLAC FLAC 1.2
- FLAC flac-1.2.1.tar.gz: http://downloads.sourceforge.net/flac/flac-1.2.1.tar.gz?modtime=1189961849&big_mirror=0
References
- Changes between 0.8.6c and 0.8.6d (VideoLAN)
- FLAC 1.2.1 Changelog (FLAC)
- Vendor Homepage (FLAC)
- VLC Homepage (VideoLAN)
- Winamp Home Page (NullSoft)
- EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applicatio ("eEye Advisories")
- iDefense Security Advisory 10.11.07: Multiple Vendor FLAC Library Multiple Integ (iDefense Labs)
- ASA-2007-458 FLAC security update (RHSA-2007-0975) (Avaya)
- Multiple Vendor FLAC Library Multiple Integer Overflow Vulnerabilities (iDefense Labs)
- Multiple Vulnerabilities In .FLAC File Format and Various Media Applications (eEye Research)
- RHSA-2007:0975-3 - flac security update (Red Hat)