CVE-2007-4619

FLAC Integer overflows

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.

Múltiples desbordamientos de entero en Free Lossless Audio Codec (FLAC) libFLAC versiones anteriores a 1.2.1, como se usan Winamp versiones anteriores a 5.5 y otros productos, permiten a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante un fichero FLAC malformado que dispara una ubicación de memoria inapropiada, resultando en un desbordamiento de búfer basado en montículo.

*Credits: N/A

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-08-30 CVE Reserved
2007-10-12 CVE Published
2024-08-07 CVE Updated
2024-09-22 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-189: Numeric Errors
CWE-190: Integer Overflow or Wraparound

CAPEC

References (33)

URL	Tag	Source
http://bugzilla.redhat.com/show_bug.cgi?id=331991	X_refsource_confirm
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608	Third Party Advisory
http://secunia.com/advisories/27210	Third Party Advisory
http://secunia.com/advisories/27223	Third Party Advisory
http://secunia.com/advisories/27355	Third Party Advisory
http://secunia.com/advisories/27399	Third Party Advisory
http://secunia.com/advisories/27507	Third Party Advisory
http://secunia.com/advisories/27601	Third Party Advisory
http://secunia.com/advisories/27625	Third Party Advisory
http://secunia.com/advisories/27628	Third Party Advisory
http://secunia.com/advisories/27780	Third Party Advisory
http://secunia.com/advisories/27878	Third Party Advisory
http://secunia.com/advisories/28548	Third Party Advisory
http://securitytracker.com/id?1018815	Vdb Entry
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0243	X_refsource_confirm
http://www.vupen.com/english/advisories/2007/3483	Vdb Entry
http://www.vupen.com/english/advisories/2007/3484	Vdb Entry
http://www.vupen.com/english/advisories/2007/4061	Vdb Entry
https://bugzilla.redhat.com/show_bug.cgi?id=332571	X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/37187	Vdb Entry
https://issues.rpath.com/browse/RPL-1873	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10571	Signature

URL	Date	SRC

URL	Date	SRC
http://flac.sourceforge.net/changelog.html#flac_1_2_1	2017-09-29
http://www.securityfocus.com/bid/26042	2017-09-29

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html	2017-09-29
http://security.gentoo.org/glsa/glsa-200711-15.xml	2017-09-29
http://www.debian.org/security/2008/dsa-1469	2017-09-29
http://www.mandriva.com/security/advisories?name=MDKSA-2007:214	2017-09-29
http://www.redhat.com/support/errata/RHSA-2007-0975.html	2017-09-29
http://www.ubuntu.com/usn/usn-540-1	2017-09-29
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00035.html	2017-09-29
https://access.redhat.com/security/cve/CVE-2007-4619	2007-10-22
https://bugzilla.redhat.com/show_bug.cgi?id=331991	2007-10-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Flac Search vendor "Flac"		Libflac Search vendor "Flac" for product "Libflac"				<= 1.2 Search vendor "Flac" for product "Libflac" and version " <= 1.2"		-		Affected
Nullsoft Search vendor "Nullsoft"		Winamp Search vendor "Nullsoft" for product "Winamp"				<= 5.35 Search vendor "Nullsoft" for product "Winamp" and version " <= 5.35"		-		Affected