CVE-2014-9028
Published: 26 November 2014
Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
Notes
Author | Note |
---|---|
sbeattie | android moved from libflac 1.2.1 to 1.3.1, plus extra fix listed below |
jdstrand | as with previous stagefright issues, this issue affects Ubuntu's android packages, but not in a way that is exposed to apps. See CVE-2015-1538 for details |
Priority
Status
Package | Release | Status |
---|---|---|
android | vivid | Ignored |
android | upstream | Released (5.1.1 LMY48T) |
android | precise | Does not exist |
android | trusty | Does not exist (trusty was ignored) |
android | wily | Ignored |

Patches (android):
upstream: https://android.googlesource.com/platform/external/flac/+/5859ae22db0a2d16af3e3ca19d582de37daf5eb6%5E!/#F0

Package | Release | Status |
---|---|---|
flac | upstream | Released (1.3.1) |
flac | lucid | Released (1.2.1-2ubuntu0.1) |
flac | precise | Released (1.2.1-6ubuntu0.1) |
flac | trusty | Released (1.3.0-2ubuntu0.14.04.1) |
flac | utopic | Released (1.3.0-2ubuntu0.14.10.1) |
flac | wily | Not vulnerable (1.3.0-2ubuntu1) |
flac | vivid | Released (1.3.0-2ubuntu1) |

Patches (flac):
upstream: https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85
upstream: https://git.xiph.org/?p=flac.git;a=commit;h=5a365996d739bdf4711af51d9c2c71c8a5e14660