Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow.

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2007-0975 advisory.

    [1.1.0-7.el_4.2]
     - Add RHEL-5 patch to remove execstack requirement      Related: rhbz #332591

     [1.1.0-7.el_4.1]
     - Add patch from Takashi Iwai to fix CVE-2007-4619      Resolves: rhbz #332591

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

A security flaw was found in the way flac processed audio data. An attacker could create a carefully crafted FLAC audio file in such a way that it could cause an application linked with flac libraries to crash or execute arbitrary code when it was opened. (CVE-2007-4619)

This update actually went out yesterday. We apologize for getting this e-mail out late.

Multiple integer overflows in flac could potentially be exploited by attackers via specially crafted files to execute code in the context of the user opening the file. (CVE-2007-4619)

Sean de Regge and Greg Linares discovered multiple heap and stack based buffer overflows in FLAC, the Free Lossless Audio Codec, which could lead to the execution of arbitrary code.

Sean de Regge discovered that flac did not properly perform bounds checking in many situations. An attacker could send a specially crafted FLAC audio file and execute arbitrary code as the user or cause a denial of service in flac or applications that link against flac.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-200711-15 (FLAC: Buffer overflow)

    Sean de Regge reported multiple integer overflows when processing FLAC     media files that could lead to improper memory allocations resulting in     heap-based buffer overflows.
  Impact :

    A remote attacker could entice a user to open a specially crafted FLAC     file or network stream with an application using FLAC. This might lead     to the execution of arbitrary code with privileges of the user playing     the file.
  Workaround :

    There is no known workaround at this time.

iDefense Laps reports :

Remote exploitation of multiple integer overflow vulnerabilities in libFLAC, as included with various vendor's software distributions, allows attackers to execute arbitrary code in the context of the currently logged in user.

These vulnerabilities specifically exist in the handling of malformed FLAC media files. In each case, an integer overflow can occur while calculating the amount of memory to allocate. As such, insufficient memory is allocated for the data that is subsequently read in from the file, and a heap based buffer overflow occurs.

A security vulnerability was discovered in how flac processed audio data. An attacker could create a carefully crafted FLAC audio file that could cause an application linked against the flac libraries to crash or execute arbitrary code when opened.

Updated packages have been patched to prevent this issue.

- Wed Oct 17 2007 - Bastien Nocera <bnocera at redhat.com>
    - 1.2.1-1

    - Update to 1.2.1 to fix CVE-2007-4619 (#332571)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An updated flac package to correct a security issue is now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

FLAC is a Free Lossless Audio Codec. The flac package consists of a FLAC encoder and decoder in library form, a program to encode and decode FLAC files, a metadata editor for FLAC files and input plugins for various music players.

A security flaw was found in the way flac processed audio data. An attacker could create a carefully crafted FLAC audio file in such a way that it could cause an application linked with flac libraries to crash or execute arbitrary code when it was opened. (CVE-2007-4619)

Users of flac are advised to upgrade to this updated package, which contains a backported patch that resolves this issue.

Multiple integer overflows in flac could potentially be exploited by attackers via specially crafted files to execute code in the context of the user opening the file (CVE-2007-4619).

The remote host is running Winamp, a multi-media software application.  This version of Winamp includes a library that is reported to be prone to a remote integer overflow.  An attacker exploiting this flaw would need to be able to convince a Winamp user to open a file with malformed FLAC data.  Successful exploitation would result in the attacker executing arbitrary code on the remote client system.

The remote host is using Winamp, a popular media player for Windows.

The version of Winamp installed on the remote Windows host contains a plug-in to handle playing FLAC files that contains several integer buffer overflow vulnerabilities. If an attacker can trick a user on the affected host into opening a specially crafted FLAC file, he may be able to leverage this issue to execute arbitrary code on the host subject to the user's privileges.

ID	Name	Product	Family	Severity
67590	Oracle Linux 5 : Important: / flac (ELSA-2007-0975)	Nessus	Oracle Linux Local Security Checks	critical
60271	Scientific Linux Security Update : flac on SL5.x, SL4.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
41157	SuSE9 Security Update : flac (YOU Patch Number 11926)	Nessus	SuSE Local Security Checks	high
30061	Debian DSA-1469-1 : flac - several vulnerabilities	Nessus	Debian Local Security Checks	high
29431	SuSE 10 Security Update : flac (ZYPP Patch Number 4569)	Nessus	SuSE Local Security Checks	high
28208	Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : flac vulnerability (USN-540-1)	Nessus	Ubuntu Local Security Checks	high
28198	GLSA-200711-15 : FLAC: Buffer overflow	Nessus	Gentoo Local Security Checks	high
28196	FreeBSD : flac -- media file processing integer overflow vulnerabilities (ff65eecb-91e4-11dc-bd6c-0016179b2dd5)	Nessus	FreeBSD Local Security Checks	high
27850	Mandrake Linux Security Advisory : flac (MDKSA-2007:214)	Nessus	Mandriva Local Security Checks	high
27779	Fedora 7 : flac-1.2.1-1.fc7 (2007-2596)	Nessus	Fedora Local Security Checks	high
27567	RHEL 4 / 5 : flac (RHSA-2007:0975)	Nessus	Red Hat Local Security Checks	high
27539	CentOS 4 / 5 : flac (CESA-2007:0975)	Nessus	CentOS Local Security Checks	high
27530	openSUSE 10 Security Update : flac (flac-4571)	Nessus	SuSE Local Security Checks	high
4243	Winamp < 5.5 libFLAC Integer Overflow	Nessus Network Monitor	Generic	medium
27040	Winamp < 5.5 FLAC Plug-in Multiple Buffer Overflows	Nessus	Windows	high

Detections

Analytics

CVE-2007-4619

high

Tenable Plugins

critical

high

high

high

high

high

high

high

high

high

high

high

high

medium

high