CVE-2014-9028

Published: 25 Nov 2014
Source: redhat
CVSS2: 6.8
EPSS: Medium

Description

Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.

A buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash or execute arbitrary code when the file was read.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | flac | Will not fix | | |
| Red Hat Enterprise Linux 6 | flac | Fixed | RHSA-2015:0767 | 01.04.2015 |
| Red Hat Enterprise Linux 7 | flac | Fixed | RHSA-2015:0767 | 01.04.2015 |

Additional information

Status: Important
Defect: CWE-122
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1167741 (flac: Heap buffer write overflow in read_residual_partitioned_rice_)

EPSS: 0.25739 (Medium), percentile: 96%

CVSS2: 6.8 Medium

Related vulnerabilities

ubuntu
almost 11 years ago

Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.

nvd
almost 11 years ago

Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.

debian
almost 11 years ago

Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 ...

github
more than 3 years ago

Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.

oracle-oval
more than 10 years ago

ELSA-2015-0767: flac security update (IMPORTANT)
