libFLAC 1.3.0 Stack Overflow / Heap Overflow / Code Execution

2014.11.26
Risk: High
Local: No
Remote: Yes
CWE: CWE-119

Description: FLAC is an open source lossless audio codec supported by several software and music players. The libFLAC project, an open source library implementing reference encoders and decoders for native FLAC and Ogg FLAC audio content, suffers from multiple implementation issues. In particular, a stack overflow and a heap overflow condition, which may result in arbitrary code execution, can be triggered by passing a maliciously crafted .flac file to the libFLAC decoder. Affected version: libFLAC <= 1.3.0 The following packages were identified as affected as they statically include libFLAC in their own packages. Max <= 0.9.1 Cog <= 0.07 cinelerra <= 4.6 JUCE <= 3.1.0 (juce_audio_formats module) Fixed version: libFLAC >= 1.3.1 Max N/A Cog N/A cinelerra N/A JUCE N/A Credit: vulnerability report from Michele Spagnuolo of Google Security Team <mikispag AT google.com> CVE: CVE-2014-8962 (stack overflow) CVE-2014-9028 (heap overflow) Timeline: 2014-11-12: heap overflow report received 2014-11-12: contacted maintainer 2014-11-14: patch provided by maintainer 2014-11-17: reporter confirms patch 2014-11-20: stack overflow vulnerability reported 2014-11-21: assigned CVE (heap overflow) 2014-11-22: contacted affected vendors 2014-11-23: contacted additional affected vendors 2014-11-25: advisory release References: https://git.xiph.org/?p=flac.git;a=commit;h=5b3033a2b355068c11fe637e14ac742d273f076e https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85 Permalink: http://www.ocert.org/advisories/ocert-2014-008.html -- Daniele Bianco Open Source Computer Security Incident Response Team <danbia@ocert.org> http://www.ocert.org GPG Key 0x9544A497 GPG Key fingerprint = 88A7 43F4 F28F 1B9D 6F2D 4AC5 AE75 822E 9544 A497

References:

https://git.xiph.org/?p=flac.git;a=commit;h=5b3033a2b355068c11fe637e14ac742d273f076e
https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top