Vulnerability Details : CVE-2007-6279
Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file.
Vulnerability category: Memory Corruption, Execute code
Products affected by CVE-2007-6279
- cpe:2.3:a:flac:libflac:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-6279
- EPSS score: 10.90% (probability of exploitation activity in the next 30 days)
- Percentile: ~95% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2007-6279
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2007-6279
- Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2007-6279
- Red Hat, 2007-12-11: This flaw is not exploitable to run arbitrary code and can only cause an application crash. Red Hat does not consider a crash of the flac application or applications that use flac libraries such as media players to be a security issue.
References for CVE-2007-6279
- http://securityreason.com/securityalert/3423
  Multiple Vulnerabilities In .FLAC File Format and Various Media Applications - CXSecurity.com
- http://www.kb.cert.org/vuls/id/544656
  VU#544656 - libFLAC contains multiple vulnerabilities (Patch; US Government Resource)
- http://www.securityfocus.com/archive/1/483765/100/200/threaded
- http://www.securitytracker.com/id?1018974 (Patch)
- http://research.eeye.com/html/advisories/published/AD20071115.html