FreeBSD : flac -- media file processing integer overflow vulnerabilities (ff65eecb-91e4-11dc-bd6c-0016179b2dd5)
High Nessus Plugin ID 28196
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptioniDefense Laps reports :
Remote exploitation of multiple integer overflow vulnerabilities in libFLAC, as included with various vendor's software distributions, allows attackers to execute arbitrary code in the context of the currently logged in user.
These vulnerabilities specifically exist in the handling of malformed FLAC media files. In each case, an integer overflow can occur while calculating the amount of memory to allocate. As such, insufficient memory is allocated for the data that is subsequently read in from the file, and a heap based buffer overflow occurs.
SolutionUpdate the affected package.