Upstream information

CVE-2007-4619 at MITRE

Description

Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

CVSS v2 Scores (National Vulnerability Database)
  • Base Score: 9.3
  • Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete

SUSE Bugzilla entries: 333278 [RESOLVED / FIXED], 342633 [RESOLVED / INVALID]

SUSE Security Advisories:

List of released packages

Each product below is followed by its fixed package version(s) and, where given, its references.

Novell Linux Desktop 9 for x86
  Fixed package version(s):
  • flac >= 1.1.0-387.4
  • flac-devel >= 1.1.0-387.4
  References: sled10.x86, sles10.s390x, core9.x86, core9.s390, ZYPP Patch Nr: 4569

Novell Linux Desktop 9 for x86_64
  Fixed package version(s):
  • flac >= 1.1.0-387.4
  • flac-32bit >= 9-200710182357
  • flac-devel >= 1.1.0-387.4
  References: sled10.x86, sles10.s390x, core9.x86, core9.s390, ZYPP Patch Nr: 4569

Open Enterprise Server
  Fixed package version(s):
  • flac >= 1.1.0-387.4
  • flac-devel >= 1.1.0-387.4
  • flac-xmms >= 1.1.0-387.4
  References: sled10.x86, sles10.s390x, core9.x86, core9.s390, ZYPP Patch Nr: 4569

SUSE LINUX 10.0
  Fixed package version(s):
  • flac >= 1.1.2-4.3
  • flac-32bit >= 1.1.2-4.3
  • flac-64bit >= 1.1.2-4.3
  • flac-devel >= 1.1.2-4.3

SUSE LINUX 10.1
  Fixed package version(s):
  • flac >= 1.1.2-15.7
  • flac-32bit >= 1.1.2-15.7
  • flac-64bit >= 1.1.2-15.7
  • flac-devel >= 1.1.2-15.7