FreeBSD : flac -- media file processing integer overflow vulnerabilities (ff65eecb-91e4-11dc-bd6c-0016179b2dd5)

This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

iDefense Labs reports :

Remote exploitation of multiple integer overflow vulnerabilities in
libFLAC, as included with various vendors' software distributions,
allows attackers to execute arbitrary code in the context of the
currently logged in user.

These vulnerabilities specifically exist in the handling of malformed
FLAC media files. In each case, an integer overflow can occur while
calculating the amount of memory to allocate. As such, insufficient
memory is allocated for the data that is subsequently read in from the
file, and a heap-based buffer overflow occurs.
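
The bug class described above, shown as an added example (not libFLAC's code and not part of the advisory): a file-supplied count multiplied into an allocation size, first unchecked and then with the bounds check that rejects the block. The record layout, ENTRY_SIZE and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical layout (not libFLAC's): big-endian 32-bit entry count,
   then `count` entries of ENTRY_SIZE bytes each. */
#define ENTRY_SIZE 18u

/* Vulnerable pattern: the product is computed in 32 bits and wraps. */
static uint32_t alloc_size_unchecked(uint32_t count)
{
    return count * ENTRY_SIZE;
}

/* Hardened: reject a count whose product overflows or that the remaining
   input cannot back. Returns 0 and sets *out on success, -1 otherwise. */
static int alloc_size_checked(uint32_t count, size_t remaining, size_t *out)
{
    if (count > UINT32_MAX / ENTRY_SIZE) return -1;
    size_t need = (size_t)count * ENTRY_SIZE;
    if (need > remaining) return -1;
    *out = need;
    return 0;
}

/* Parse one block using the checked size; NULL means the block was rejected. */
static uint8_t *read_entries(const uint8_t *buf, size_t len, uint32_t *count_out)
{
    if (len < 4) return NULL;
    uint32_t count = (uint32_t)buf[0] << 24 | (uint32_t)buf[1] << 16 |
                     (uint32_t)buf[2] << 8 | (uint32_t)buf[3];
    size_t need;
    if (alloc_size_checked(count, len - 4, &need) != 0) return NULL;
    uint8_t *entries = malloc(need ? need : 1);
    if (entries == NULL) return NULL;
    memcpy(entries, buf + 4, need);
    *count_out = count;
    return entries;
}

int main(void)
{
    /* Constructed input: count 238609295 makes count * 18 wrap to 14. */
    uint8_t bad[18] = {0x0E, 0x38, 0xE3, 0x8F};
    uint32_t n = 0;
    printf("unchecked size: %u\n", (unsigned)alloc_size_unchecked(238609295u));
    printf("checked parser: %s\n", read_entries(bad, sizeof bad, &n) ? "accepted" : "rejected");
    return 0;
}
```

The second check, comparing the needed size against the bytes actually remaining in the input, also catches counts that do not overflow but still claim more data than the file holds.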

See also :

http://www.nessus.org/u?65d09af8
http://www.nessus.org/u?898c7403

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 28196 (freebsd_pkg_ff65eecb91e411dcbd6c0016179b2dd5.nasl)

Bugtraq ID:

CVE ID: CVE-2007-4619
