FLAC (Free Lossless Audio Codec) - Remote hacker manual control
Version: | 1.2.0 and prior. |
Technical Details: | Numerous critical vulnerabilities in the FLAC file format (.flac), identified by eEye, including fourteen arbitrary code execution opportunities at various levels (OS dependent). Although these were patched in September (libFLAC 1.2.1), eEye have published this information because of the number of applications that have not updated to this latest library. |
Description: |
eEye Digital Security have published an advisory detailing numerous critical vulnerabilities affecting the FLAC (Free Lossless Audio Codec) file format (.flac). Although these were patched in September (libFLAC 1.2.1), eEye have published this information because of the number of applications that have not updated to this latest library. |
Mitigation: |
Update to the latest version of any affected software that uses FLAC. If the option exists, confirm that the software is built against libFLAC 1.2.1 or later. |
Updates: |
http://flac.sourceforge.net/news.html#20070917 |
Source: |
http://research.eeye.com/html/advisories/published/AD20071115.html and http://www.kb.cert.org/vuls/id/544656 |
Exploits: |
|
External Tracking Data: | AD20071115 (eEye tracking) |
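
One way to carry out the "built against libFLAC 1.2.1 or later" check from the Mitigation field on software that bundles the library, as an added example that is not part of the advisory or of the FLAC project. It assumes libFLAC embeds a vendor string of the form "reference libFLAC X.Y.Z YYYYMMDD" in the compiled binary; the function names and sample byte strings are constructed for illustration.

```python
import re
import sys

# Assumption: the compiled library carries "reference libFLAC X.Y.Z YYYYMMDD".
VENDOR_RE = re.compile(rb"reference libFLAC (\d+)\.(\d+)\.(\d+)")
FIXED = (1, 2, 1)  # first patched release named in the advisory

# Constructed sample inputs (not real binaries).
SAMPLE_OLD = b"\x7fELF\x00pad\x00reference libFLAC 1.2.0 20070715\x00more\x00"
SAMPLE_NEW = b"MZ\x90\x00pad\x00reference libFLAC 1.2.1 20070917\x00more\x00"


def find_libflac_versions(blob):
    """Return the sorted, unique (major, minor, patch) tuples found in blob."""
    found = {tuple(int(g) for g in m.groups()) for m in VENDOR_RE.finditer(blob)}
    return sorted(found)


def assess(blob):
    """Classify a binary image as 'vulnerable', 'patched' or 'unknown'."""
    versions = find_libflac_versions(blob)
    if not versions:
        # No vendor string: the program may link libFLAC dynamically
        # (scan the shared library file instead) or not use FLAC at all.
        return "unknown"
    # A binary can bundle more than one copy; the oldest copy decides.
    return "vulnerable" if min(versions) < FIXED else "patched"


def scan_file(path):
    """Read a file from disk and return (verdict, versions found)."""
    with open(path, "rb") as fh:
        blob = fh.read()
    return assess(blob), find_libflac_versions(blob)


if __name__ == "__main__":
    # Usage: python check_libflac.py <binary-or-library> [...]
    for path in sys.argv[1:]:
        verdict, versions = scan_file(path)
        shown = ", ".join(".".join(map(str, v)) for v in versions) or "none"
        print(f"{path}: {verdict} (libFLAC versions found: {shown})")
```

An "unknown" result is not a clean bill of health; it only means no vendor string was found in that file.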