CVE-2007-4974

Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size.

Published: Sep 19, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-4974
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
mega-nerd / libsndfile	1.0.0-rc1	1.0.0-rc1.x
mega-nerd / libsndfile	-	1.0.17.x
mega-nerd / libsndfile	1.0.13	1.0.13.x
mega-nerd / libsndfile	1.0.0-rc6	1.0.0-rc6.x
mega-nerd / libsndfile	1.0.15	1.0.15.x
mega-nerd / libsndfile	0.0.8	0.0.8.x
mega-nerd / libsndfile	1.0.10	1.0.10.x
mega-nerd / libsndfile	0.0.28	0.0.28.x
mega-nerd / libsndfile	1.0.14	1.0.14.x
mega-nerd / libsndfile	1.0.0	1.0.0.x
mega-nerd / libsndfile	1.0.12	1.0.12.x
mega-nerd / libsndfile	1.0.11	1.0.11.x
mega-nerd / libsndfile	1.0.1	1.0.1.x
mega-nerd / libsndfile	1.0.16	1.0.16.x

Vulnerability Database

289,697

CVE-2007-4974