=====================================================================
                                    CERT-Renater

                         Information Note No. 2007/VULN454
_____________________________________________________________________

DATE                      : 22/11/2007

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running libFLAC.

======================================================================
http://www.kb.cert.org/vuls/id/544656
______________________________________________________________________

Vulnerability Note VU#544656

libFLAC contains multiple vulnerabilities

Overview

libFLAC contains multiple vulnerabilities, which may allow a remote, 
unauthenticated attacker to execute arbitrary code on a vulnerable system.


I. Description

FLAC (Free Lossless Audio Codec) is a lossless audio format. libFLAC is 
a library that can process FLAC files. libFLAC contains multiple 
vulnerabilities, including:

     * Metadata Block Size Heap Overflow
     * VORBIS Comment String Size Field Heap Overflow
     * VORBIS Comment String Size Length Stack Overflow
     * Picture MIME-Type Size Heap Overflow
     * Picture MIME-Type Size Stack Overflow
     * Picture Dimension Size Heap Overflow
     * Picture Description Size Heap Overflow
     * Picture Description Length Stack Overflow
     * Picture Data Length Heap Overflow
     * Picture URL Stack Overflow
     * Malformed Image/File Download Vulnerability
     * Padding Length Heap Overflow
     * Seektable Out-Of-Scope Double Free Condition
     * Malformed Seektable Double Free Condition

Please see eEye advisory AD20071115 for more details.
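The list above names the bug classes (a size field read from the file and trusted when allocating or copying) but not the check that prevents them. As an added example, written for this note and not taken from libFLAC, the eEye advisory or CERT/CC, the C below walks FLAC metadata block headers and one VORBIS_COMMENT block the way a hardened reader should: every 24-bit block length and every 32-bit string length is compared with the bytes actually remaining before anything is read or copied, and copies are clamped to fixed-size destinations. The header and block layout follow the FLAC format specification; the function names, error codes and the sample bytes (assembled by build_sample from a zeroed 34-byte STREAMINFO and a single "TITLE=demo" comment) are constructed for this example.

```c
#include <stdint.h>
#include <string.h>

/* FLAC_OK on success; a negative code names the field that was rejected. */
enum { FLAC_OK = 0, FLAC_ERR_MAGIC = -1, FLAC_ERR_SHORT = -2,
       FLAC_ERR_BLOCKLEN = -3, FLAC_ERR_STRLEN = -4, FLAC_ERR_COUNT = -5 };
#define MAX_COMMENTS 16
#define MAX_STRING   255

struct flac_meta { unsigned blocks, comments;                     /* blocks walked, comments accepted */
                   char vendor[MAX_STRING + 1], comment[MAX_COMMENTS][MAX_STRING + 1]; };

static uint32_t rd_be24(const uint8_t *p) { return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2]; }
static uint32_t rd_le32(const uint8_t *p)
{ return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24); }

/* One length-prefixed string from a VORBIS_COMMENT block. The declared length is checked against
 * the bytes left in the block before anything is copied, and the copy is clamped to the destination. */
static int take_string(const uint8_t *blk, size_t blk_len, size_t *pos, char *dst, size_t cap)
{
    if (blk_len - *pos < 4) return FLAC_ERR_SHORT;
    uint32_t n = rd_le32(blk + *pos); *pos += 4;
    if (n > blk_len - *pos) return FLAC_ERR_STRLEN;       /* field claims more than the block holds */
    size_t copy = n < cap - 1 ? n : cap - 1;
    memcpy(dst, blk + *pos, copy); dst[copy] = '\0'; *pos += n;
    return FLAC_OK;
}
static int parse_vorbis_comment(const uint8_t *blk, size_t blk_len, struct flac_meta *m)
{
    size_t pos = 0;
    int rc = take_string(blk, blk_len, &pos, m->vendor, sizeof m->vendor);
    if (rc) return rc;
    if (blk_len - pos < 4) return FLAC_ERR_SHORT;
    uint32_t count = rd_le32(blk + pos); pos += 4;
    /* every comment carries a 4-byte length, so the count is bounded by what remains */
    if (count > (blk_len - pos) / 4 || count > MAX_COMMENTS) return FLAC_ERR_COUNT;
    for (uint32_t i = 0; i < count; i++, m->comments++)
        if ((rc = take_string(blk, blk_len, &pos, m->comment[i], sizeof m->comment[i])) != 0) return rc;
    return FLAC_OK;
}
/* Walk the metadata chain after "fLaC": each header is 1 bit last-flag, 7 bits type, 24 bits big-endian
 * body length (type 4 = VORBIS_COMMENT). Every block, parsed or skipped, has its length checked first. */
int flac_parse_metadata(const uint8_t *buf, size_t len, struct flac_meta *m)
{
    memset(m, 0, sizeof *m);
    if (len < 4 || memcmp(buf, "fLaC", 4) != 0) return FLAC_ERR_MAGIC;
    for (size_t pos = 4;;) {
        if (len - pos < 4) return FLAC_ERR_SHORT;
        int last = buf[pos] & 0x80, type = buf[pos] & 0x7f;
        uint32_t blen = rd_be24(buf + pos + 1); pos += 4;
        if (blen > len - pos) return FLAC_ERR_BLOCKLEN;   /* header claims more than the file holds */
        if (type == 4) { int rc = parse_vorbis_comment(buf + pos, blen, m); if (rc) return rc; }
        pos += blen; m->blocks++;
        if (last) return FLAC_OK;
    }
}

/* ---- constructed sample input, hand-built here rather than taken from any real file ---- */
static void put_le32(uint8_t *p, uint32_t v)
{ p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24); }

/* Marker, zeroed 34-byte STREAMINFO, then a VORBIS_COMMENT block with a vendor string and one
 * "TITLE=demo" comment. comment_len_field is written verbatim as that comment's length field. */
static size_t build_sample(uint8_t *out, uint32_t comment_len_field)
{
    static const char vendor[] = "added example", comment[] = "TITLE=demo";
    size_t vlen = strlen(vendor), clen = strlen(comment), n = 0;
    uint32_t body = (uint32_t)(4 + vlen + 4 + 4 + clen);
    memcpy(out, "fLaC", 4); n += 4;
    out[n++] = 0x00; out[n++] = 0x00; out[n++] = 0x00; out[n++] = 34;   /* STREAMINFO header */
    memset(out + n, 0, 34); n += 34;
    out[n++] = 0x80 | 4;                                                 /* last block, VORBIS_COMMENT */
    out[n++] = (uint8_t)(body >> 16); out[n++] = (uint8_t)(body >> 8); out[n++] = (uint8_t)body;
    put_le32(out + n, (uint32_t)vlen); n += 4; memcpy(out + n, vendor, vlen); n += vlen;
    put_le32(out + n, 1); n += 4;                                        /* one user comment */
    put_le32(out + n, comment_len_field); n += 4; memcpy(out + n, comment, clen); n += clen;
    return n;                                                            /* 81 bytes */
}

/* Build the sample, optionally patch the second block header's 24-bit length (bytes 43..45) to
 * 0xFFFFFF, then parse it. */
static int run(uint32_t comment_len_field, int lie_about_block, struct flac_meta *m)
{
    uint8_t buf[128];
    size_t n = build_sample(buf, comment_len_field);
    if (lie_about_block) buf[43] = buf[44] = buf[45] = 0xff;
    return flac_parse_metadata(buf, n, m);
}

/* Well-formed input: both blocks walked and the comment recovered intact, so this returns 1. */
int demo_valid(void)
{
    struct flac_meta m;
    return run(10, 0, &m) == FLAC_OK && m.blocks == 2 && m.comments == 1
           && strcmp(m.comment[0], "TITLE=demo") == 0;
}
/* Comment length field of 0xFFFFFFFF: refused as FLAC_ERR_STRLEN before any copy happens. */
int demo_lying_string_length(void) { struct flac_meta m; return run(0xFFFFFFFFu, 0, &m); }
/* Block header length of 0xFFFFFF: refused as FLAC_ERR_BLOCKLEN before the block is read at all. */
int demo_lying_block_length(void) { struct flac_meta m; return run(10, 1, &m); }
```

Compile with any C99 compiler. demo_valid() returns 1, while demo_lying_string_length() and demo_lying_block_length() return FLAC_ERR_STRLEN and FLAC_ERR_BLOCKLEN respectively; those two rejections correspond to the "VORBIS Comment String Size" and "Metadata Block Size" entries in the list above. A reader of real files needs the same treatment for the PICTURE block, whose MIME-type, description and data length fields follow the same pattern with big-endian 32-bit lengths, and for the SEEKTABLE block, whose entry count must likewise be derived from the checked block length rather than trusted.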


II. Impact

By convincing a user to open a specially crafted FLAC file, a remote, 
unauthenticated attacker may be able to execute arbitrary code or cause 
a denial-of-service condition on a vulnerable system.


III. Solution

Apply an update

These issues are addressed in version 1.2.1 of the FLAC library. Please 
see the Systems Affected section for fix availability for specific products.


Systems Affected
Vendor                     Status                   Date Updated
America Online, Inc.       Vulnerable               15-Nov-2007
Cog                        Vulnerable               15-Nov-2007
dBpoweramp                 Vulnerable               15-Nov-2007
FLAC                       Vulnerable               15-Nov-2007
Foobar2000                 Vulnerable               15-Nov-2007
jetAudio                   Vulnerable               15-Nov-2007
PhatBox                    Vulnerable               15-Nov-2007
Yahoo, Inc.                Vulnerable               15-Nov-2007


References

http://research.eeye.com/html/advisories/published/AD20071115.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608
http://secunia.com/advisories/27210/
http://flac.sourceforge.net/changelog.html

Credit

This vulnerability was reported by Andre Protas of eEye Digital
Security, who in turn credits Greg Linares.

This document was written by Will Dormann.

Other Information

Date Public             11/10/2007
Date First Published    15/11/2007 15:02:06
Date Last Updated       19/11/2007
CERT Advisory
CVE Name                CVE-2007-4619
Metric                  5,06
Document Revision       15

If you have feedback, comments, or additional information about this 
vulnerability, please send us email.

======================================================================

           =========================================================
           CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================
