CVE-2014-9028

Published: 26 November 2014

Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.

Notes

Author: Note
sbeattie: android moved from libflac 1.2.1 to 1.3.1, plus extra fix listed below
jdstrand: as with previous stagefright issues, this issue affects Ubuntu's android packages, but not in a way that is exposed to apps. See CVE-2015-1538 for details

Priority

Medium

Status

Package Release Status
android
vivid Ignored
upstream Released (5.1.1 LMY48T)
precise Does not exist
trusty Does not exist (trusty was ignored)
wily Ignored

Patches:
upstream: https://android.googlesource.com/platform/external/flac/+/5859ae22db0a2d16af3e3ca19d582de37daf5eb6%5E!/#F0


flac
upstream Released (1.3.1)
lucid Released (1.2.1-2ubuntu0.1)
precise Released (1.2.1-6ubuntu0.1)
trusty Released (1.3.0-2ubuntu0.14.04.1)
utopic Released (1.3.0-2ubuntu0.14.10.1)
wily Not vulnerable (1.3.0-2ubuntu1)
vivid Released (1.3.0-2ubuntu1)

Patches:
upstream: https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85
upstream: https://git.xiph.org/?p=flac.git;a=commit;h=5a365996d739bdf4711af51d9c2c71c8a5e14660