FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

flac123 -- stack overflow in comment parsing

Affected packages
flac123 < 0.0.10

Details

VuXML ID: 32d38cbb-2632-11dc-94da-0016179b2dd5
Discovery: 2007-06-05
Entry: 2007-06-28
Modified: 2007-08-10

isecpartners reports:

flac123, also known as flac-tools, is vulnerable to a buffer overflow in vorbis comment parsing. This allows for the execution of arbitrary code.

References

CVE Name: CVE-2007-3507
URL: http://sourceforge.net/forum/forum.php?forum_id=710314
URL: http://www.isecpartners.com/advisories/2007-002-flactools.txt