CVE-2014-8962

Status Candidate

Overview

Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.

Related Files

Mandriva Linux Security Advisory 2015-188
Posted Apr 2, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-188 - Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. The updated packages provide a solution for these security issues.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2014-8962, CVE-2014-9028
MD5 | 94562320174767c783319e51be1885de

Red Hat Security Advisory 2015-0767-01
Posted Apr 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0767-01 - The flac packages contain a decoder and an encoder for the FLAC audio file format. A buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash or execute arbitrary code when the file was read. A buffer over-read flaw was found in the way flac processed certain ID3v2 metadata. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash when the file was read.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-8962, CVE-2014-9028
MD5 | 164db12aba7116e662aaa7d4c6609c5c

Gentoo Linux Security Advisory 201412-40
Posted Dec 26, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-40 - A buffer overflow vulnerability in FLAC could lead to execution of arbitrary code or Denial of Service. Versions less than 1.3.1-r1 are affected.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2014-8962
MD5 | 383c5643331a2d0cdfabb81fcc7cb728

Mandriva Linux Security Advisory 2014-239
Posted Dec 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-239 - In libFLAC before 1.3.1, a stack overflow and a heap overflow, which may result in arbitrary code execution, can be triggered by passing a maliciously crafted .flac file to the libFLAC decoder.

tags | advisory, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2014-8962, CVE-2014-9028
MD5 | d3a6350c2865c71895371cd96eb53cfc

Debian Security Advisory 3082-1
Posted Dec 1, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3082-1 - Michele Spagnuolo, of Google Security Team, and Miroslav Lichvar, of Red Hat, discovered two issues in flac, a library handling Free file, an attacker could execute arbitrary code.

tags | advisory, arbitrary
systems | linux, redhat, debian
advisories | CVE-2014-8962, CVE-2014-9028
MD5 | b2ec39908bbb4ab52558f18370eada87

Ubuntu Security Notice USN-2426-1
Posted Nov 29, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2426-1 - Michele Spagnuolo discovered that FLAC incorrectly handled certain malformed audio files. An attacker could use this issue to cause FLAC to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8962, CVE-2014-9028
MD5 | a38684a77f68c0304df035fb082b87c4

libFLAC 1.3.0 Stack Overflow / Heap Overflow / Code Execution
Posted Nov 25, 2014
Authored by Open Source CERT, Daniele Biano

The libFLAC project, an open source library implementing reference encoders and decoders for native FLAC and Ogg FLAC audio content, suffers from multiple implementation issues. In particular, a stack overflow and a heap overflow condition, which may result in arbitrary code execution, can be triggered by passing a maliciously crafted .flac file to the libFLAC decoder. Versions 1.3.0 and below are affected.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2014-8962, CVE-2014-9028
MD5 | d6cee771a96d43f4b03022c735b7f36f