Joined: 12 May 2004
|Posted: Fri Dec 26, 2014 3:26 am Post subject: [ GLSA 201412-40 ] FLAC: User-assisted execution of arbitrar
|Gentoo Linux Security Advisory
Title: FLAC: User-assisted execution of arbitrary code (GLSA 201412-40)
Date: December 26, 2014
A buffer overflow vulnerability in FLAC could lead to execution of
arbitrary code or Denial of Service.
The Free Lossless Audio Codec (FLAC) library is the reference
implementation of the FLAC audio file format.
Vulnerable: < 1.3.1-r1
Unaffected: >= 1.3.1-r1
Architectures: All supported architectures
A stack-based buffer overflow flaw has been discovered in FLAC.
A remote attacker could entice a user to open a specially crafted .flac
file using an application linked against FLAC, possibly resulting in
execution of arbitrary code with the privileges of the process or a
Denial of Service condition.
There is no known workaround at this time.
All FLAC users should upgrade to the latest version:
Packages which depend on this library may need to be recompiled. Tools
|# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/flac-1.3.1-r1"
such as revdep-rebuild may assist in identifying these packages.
Last edited by GLSA on Thu Mar 12, 2015 4:34 am; edited 2 times in total