CVE-2007-4974

Publication date 19 September 2007

Last updated 24 July 2024


Ubuntu priority

Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size.

Status

Package      Ubuntu Release     Status
libsndfile   7.04 feisty        Fixed 1.0.16-1ubuntu0.7.04.1
libsndfile   6.10 edgy          Fixed 1.0.16-1ubuntu0.6.10.1
libsndfile   6.06 LTS dapper    Fixed 1.0.12-3ubuntu0.1

Notes

jdstrand: fix in MDKSA-2007:191

References

Related Ubuntu Security Notices (USN)

    • USN-525-1: libsndfile vulnerability (4 October 2007)

Other references