Red Hat Bugzilla – Bug 246322
CVE-2007-3507 flac123 0.0.9 vorbis comment parsing buffer overflow
Last modified: 2007-11-30 17:12:08 EST
"flac123, also known as flac-tools, is vulnerable to a buffer overflow in vorbis
comment parsing. This allows for the execution of arbitrary code."
0.0.10 is out, supposedly containing a fix for this.
Updated flac123 to 0.0.11, submitted update for updates-testing for F-7. Will go
into updates shortly if there's no trouble.
flac123-0.0.11-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.