CVE-2007-4974

Publication date 19 September 2007

Last updated 24 July 2024

Ubuntu priority

Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
libsndfile	7.04 feisty	Fixed 1.0.16-1ubuntu0.7.04.1
	6.10 edgy	Fixed 1.0.16-1ubuntu0.6.10.1
	6.06 LTS dapper	Fixed 1.0.12-3ubuntu0.1

How can I get the fixes?
What do statuses mean?

Notes

jdstrand

fix in MDKSA-2007:191

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-525-1
libsndfile vulnerability
4 October 2007

Other references

https://bugs.gentoo.org/show_bug.cgi?id=192834
https://www.cve.org/CVERecord?id=CVE-2007-4974