Remote exploitation of multiple integer overflow vulnerabilities
in libFLAC, as included with various vendor's software
distributions, allows attackers to execute arbitrary code
in the context of the currently logged in user.
These vulnerabilities specifically exist in the handling of
malformed FLAC media files. In each case, an integer overflow can
occur while calculating the amount of memory to allocate. As such,
insufficient memory is allocated for the data that is subsequently
read in from the file, and a heap based buffer overflow occurs.