FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
ff65eecb-91e4-11dc-bd6c-0016179b2dd5flac -- media file processing integer overflow vulnerabilities

iDefense Laps reports:

Remote exploitation of multiple integer overflow vulnerabilities in libFLAC, as included with various vendor's software distributions, allows attackers to execute arbitrary code in the context of the currently logged in user.

These vulnerabilities specifically exist in the handling of malformed FLAC media files. In each case, an integer overflow can occur while calculating the amount of memory to allocate. As such, insufficient memory is allocated for the data that is subsequently read in from the file, and a heap based buffer overflow occurs.


Discovery 2007-10-11
Entry 2007-11-13
flac
< 1.1.2_2

CVE-2007-4619
http://secunia.com/advisories/27210/
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608