Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!Close

CVE-2007-6278

Published: 7 December 2007

Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file.

Notes

AuthorNote
jdstrand 
checked diff from 1.2.0 to 1.2.1 and found the mime parts. These
were included in the fix for CVE-2007-4619 for gutsy. 1.1.2 does not
have the mime code in libFLAC
note that CVE-2007-4619 was very general and came out before the
iDefense CVEs, so there is overlap

Priority

Low

Status

Package Release Status
flac
Launchpad, Ubuntu, Debian 		upstream
Released (1.2.1)
dapper Not vulnerable
(1.1.2-3ubuntu1.1)
edgy Not vulnerable
(1.1.2-5ubuntu1.1)
feisty Not vulnerable
(1.1.2-5ubuntu2.1)
gutsy
Released (1.1.4-3ubuntu1.1)
hardy Not vulnerable
(1.2.1)

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading