Bug 331991 - (CVE-2007-4619) CVE-2007-4619 FLAC Integer overflows
CVE-2007-4619 FLAC Integer overflows
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
: Security
: CVE-2007-6277 (view as bug list)
Depends On: 332571 332581 332591 332601 332611 332621 833896
  Show dependency treegraph
Reported: 2007-10-15 07:30 EDT by Lubomir Kundrak
Modified: 2016-03-04 07:33 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-01-11 12:29:56 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Probably the fix for CVE-2007-4619 sucked from upstream CVS (57.91 KB, patch)
2007-10-15 08:43 EDT, Lubomir Kundrak
no flags Details | Diff

  None (edit)
Description Lubomir Kundrak 2007-10-15 07:30:43 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-4619 to the following vulnerability:

Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.


Comment 1 Lubomir Kundrak 2007-10-15 08:43:04 EDT
Created attachment 227581 [details]
Probably the fix for CVE-2007-4619 sucked from upstream CVS
Comment 2 Bastien Nocera 2007-10-15 09:56:29 EDT
Looks like an update would be needed on FC6, F7, RHEL3, RHEL4, and RHEL5.

Only problem being that we can't upgrade to 1.2.1 in any of those, as 1.1.3
changed the API considerably, and the patch would only apply cleanly to 1.2.0
(which we don't use anywhere, otherwise, we'd just upgrade it to 1.2.1).
Comment 6 Lubomir Kundrak 2007-12-07 09:36:46 EST
See also bug #415581
Comment 7 Red Hat Product Security 2008-01-11 12:29:56 EST
This issue was addressed in:

Red Hat Enterprise Linux:

Comment 8 Tomas Hoger 2008-07-25 06:30:31 EDT
*** Bug 415581 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.