GLSA-200711-15 : FLAC: Buffer overflow
High Nessus Plugin ID 28198
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200711-15 (FLAC: Buffer overflow)
Sean de Regge reported multiple integer overflows when processing FLAC media files that could lead to improper memory allocations resulting in heap-based buffer overflows.
A remote attacker could entice a user to open a specially crafted FLAC file or network stream with an application using FLAC. This might lead to the execution of arbitrary code with privileges of the user playing the file.
There is no known workaround at this time.
SolutionAll FLAC users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=media-libs/flac-1.2.1-r1' You should also run revdep-rebuild to rebuild any packages that depend on older versions of FLAC:
# revdep-rebuild --library=libFLAC.*