exploitDog

CVE-2007-6278

Опубликовано: 15 нояб. 2007

Источник: redhat

EPSS Низкий

Описание

Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file.

Отчет

Red Hat does not consider this a security issue. The downloading of arbitrary files will be harmless unless there is a vulnerability in the application handling these other filetypes.

Ссылки на источники

Дополнительная информация

https://bugzilla.redhat.com/show_bug.cgi?id=415591FLAC doesn't enforce a MIME type for image referenced by URL

EPSS

Процентиль: 78%

0.01143

Низкий

Связанные уязвимости

CVE-2007-6278

ubuntu

почти 18 лет назад

Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file.

CVE-2007-6278

nvd

почти 18 лет назад

Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file.

CVE-2007-6278

debian

почти 18 лет назад

Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assi ...

GHSA-3jhf-59jq-5cpv

github

больше 3 лет назад

Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file.

EPSS

Процентиль: 78%

0.01143

Низкий