CVSS: 7.8EPSS: 16%CPEs: 1EXPL: 0CVE-2014-8962 – flac: Buffer read overflow when processing ID3V2 metadata
https://notcve.org/view.php?id=CVE-2014-8962
25 Nov 2014 — Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. Desbordamiento de buffer basado en pila en stream_decoder.c en libFLAC anterior a 1.3.1 permite a atacantes remotos ejecutar código arbitrario a través de un fichero .flac manipulado. A buffer over-read flaw was found in the way flac processed certain ID3v2 metadata. An attacker could create a specially crafted FLAC audio file that could cause an application usi... • http://advisories.mageia.org/MGASA-2014-0499.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 20%CPEs: 1EXPL: 0CVE-2014-9028 – flac: Heap buffer write overflow in read_residual_partitioned_rice_
https://notcve.org/view.php?id=CVE-2014-9028
25 Nov 2014 — Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. Desbordamiento de buffer basado en memoria dinámica en stream_decoder.c en libFLAC anterior a 1.3.1 permite a atacantes remotos ejecutar código arbitrario a través de un fichero .flac manipulado. A buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application u... • http://advisories.mageia.org/MGASA-2014-0499.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 20%CPEs: 1EXPL: 0CVE-2007-6277 – libflac: Multiple security issues fixed in 1.2.1
https://notcve.org/view.php?id=CVE-2007-6277
07 Dec 2007 — Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Pictu... • http://research.eeye.com/html/advisories/published/AD20071115.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0CVE-2007-6278
https://notcve.org/view.php?id=CVE-2007-6278
07 Dec 2007 — Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file. Free Lossless Audio Codec (FLAC) libFLAC, en versiones anteriores a la 1.2.1, permite que atacantes remotos con intervención del usuario fuercen al cliente a descargar archivos cualesquiera a través de la etiqueta MIME-Type URL (-->) para el fichero de imagen FLAC en un archivo .FLAC manipul... • http://research.eeye.com/html/advisories/published/AD20071115.html • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 3%CPEs: 1EXPL: 0CVE-2007-6279
https://notcve.org/view.php?id=CVE-2007-6279
07 Dec 2007 — Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file. Múltiples vulnerabilidades de doble liberación en Free Lossless Audio Codec en LibFLAC (FLAC) versiones anteriores a 1.2.1, permiten a los atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de (1) valores de Seektable o (2) Desplazamientos de D... • http://research.eeye.com/html/advisories/published/AD20071115.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 6%CPEs: 2EXPL: 0CVE-2007-4619 – FLAC Integer overflows
https://notcve.org/view.php?id=CVE-2007-4619
12 Oct 2007 — Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow. Múltiples desbordamientos de entero en Free Lossless Audio Codec (FLAC) libFLAC versiones anteriores a 1.2.1, como se usan Winamp versiones anteriores a 5.5 y otros productos, permiten a atacantes remotos... • http://bugzilla.redhat.com/show_bug.cgi?id=331991 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •