what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2014-9028

Status Candidate

Overview

Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.

Related Files

Mandriva Linux Security Advisory 2015-188
Posted Apr 2, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-188 - Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted.flac file. Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted.flac file. The updated packages provides a solution for these security issues.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2014-8962, CVE-2014-9028
SHA-256 | 05dfc86eaebf1ee000b74ab6147e7badb5c9d055f0731dc16979b307c384bac9
Red Hat Security Advisory 2015-0767-01
Posted Apr 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0767-01 - The flac packages contain a decoder and an encoder for the FLAC audio file format. A buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash or execute arbitrary code when the file was read. A buffer over-read flaw was found in the way flac processed certain ID3v2 metadata. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash when the file was read.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-8962, CVE-2014-9028
SHA-256 | 2f7e195b6925583791596a7cda6298ad5a59aee71434723dad31751db6670d60
Mandriva Linux Security Advisory 2014-239
Posted Dec 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-239 - In libFLAC before 1.3.1, a stack overflow. and a heap overflow. which may result in arbitrary code execution, can be triggered by passing a maliciously crafted.flac file to the libFLAC decoder.

tags | advisory, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2014-8962, CVE-2014-9028
SHA-256 | cbbc26ea5cdb0eb3a0cdbdf8a01c1790ccfa0fedcb1fd4052bff4d93f5841954
Debian Security Advisory 3082-1
Posted Dec 1, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3082-1 - Michele Spagnuolo, of Google Security Team, and Miroslav Lichvar, of Red Hat, discovered two issues in flac, a library handling Free file, an attacker could execute arbitrary code.

tags | advisory, arbitrary
systems | linux, redhat, debian
advisories | CVE-2014-8962, CVE-2014-9028
SHA-256 | 45d3a8394a88d20061257f331bda5c3542c5c1c71131c449ab431afc09e78a4b
Ubuntu Security Notice USN-2426-1
Posted Nov 29, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2426-1 - Michele Spagnuolo discovered that FLAC incorrectly handled certain malformed audio files. An attacker could use this issue to cause FLAC to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-8962, CVE-2014-9028
SHA-256 | 3b6937356aa74e200c7dccd14b5fca4055bfd9ad918b1102663fea68014208af
libFLAC 1.3.0 Stack Overflow / Heap Overflow / Code Execution
Posted Nov 25, 2014
Authored by Open Source CERT, Daniele Biano

The libFLAC project, an open source library implementing reference encoders and decoders for native FLAC and Ogg FLAC audio content, suffers from multiple implementation issues. In particular, a stack overflow and a heap overflow condition, which may result in arbitrary code execution, can be triggered by passing a maliciously crafted .flac file to the libFLAC decoder. Versions 1.3.0 and below are affected.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2014-8962, CVE-2014-9028
SHA-256 | a4032dd6d4a27f7aae901e56831009abf356688af57f4e2a9b1222732ec7ca10
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close