Security Issue with FLAC Audio Codec

Oct 15, 2007

Jan Rähm

Loss free audio codecs are gaining in popularity with device manufacturers; right now, a vulnerability in the Free Lossless Audio Codec (FLAC) spoils users listening pleasure.

Security researchers with iDefense have identified vulnerabilities that could cause heap-based overflows in several of the Flac codec’s components. To exploit the security holes an attacker would need to send a carefully crafted audio file to the user. If successful, the attacker would be able to execute arbitrary code and thus compromise the machine.

The bug, which is rated as moderately critical by security reviewers Secunia, affects all systems and applications that use the free codec. An update for Flac to version 1.2.1 resolves the issue. Binaries and source code packages are available from the project website, and software vendors are already starting to update their applications.

Related content

Vulnerabilities in Xine-Lib and Mplayer

Vulnerabilities have been discovered in two major media players for Linux. A Xine-Lib vulnerability also affects Mplayer.

more »
Perl Audio Converter Extends Choice of Formats

Version 4.0.0 of the Perl Audio Converter (PAC) has just been released; the program can now handle a wider variety of file types.

more »
Ubuntu Patches Vorbis Tools

The Ubuntu security team has released an update to close a vulnerability in the Vorbis Tools for editing music files in Ogg-Vorbis format.

more »
Command Line: MPlayer and MEncoder

MPlayer and MEncoder have considerable potential, and you can control them by means of intelligent command-line options. We’ll put both programs to work.

more »
Sun Working on a Free Web Video Solution

Rob Glidden of Sun Microsystems reports in his blog on two new Open Source projects by his employer which will lead to a free media solution with video and audio codecs.

more »

comments powered by Disqus

Issue 30: Getting Started with Linux/Special Editions

Buy this issue as a PDF

Digital Issue: Price $15.99

(incl. VAT)

DevOps

Reinvent your network with DevOps tools and techniques:

Opportunities and Risks: Containers for DevOps
Automated Builds Using CentOS 7 and Kickstart
Elasticsearch, Logstash, and Kibana – The ELK stack
Are you ready for DevOps? Try your luck with the beta version of Linux Professional Institute's new DevOps exam.

News

Linux Comes to Windows

Run multiple Linux distributions in Windows 10.
Docker Embraces Kubernetes

Docker , Kubernetes , orchestration

Docker is now offering Kubernetes as an orchestration platform.
Kubernetes 1.8 Announced

The new release comes with two new features for better security.
Final Ubuntu Desktop 17.10 Beta Arrives

Community , Desktop

Ubuntu completes the cycle of life and goes back to letter A and Gnome.
Linus Torvalds Invites Attackers to Join the Kernel Community

He wants attackers to join the community instead of attacking the code.
Oracle Donating Java EE to the Eclipse Foundation

Oracle is recommending a new name for the Java Enterprise Edition platform.
Reddit Closing Doors to Open Source

The peanut gallery of the Internet is closing its open source repository.
Largest Open Source Summit to Date Around the Corner

LinuxCon is now Open Source Summit.
Gnome is Celebrating it’s 20th Birthday

Gnome

More than 33 releases since the first release of Gnome.
SQL Server Comes to RHEL; OpenShift Comes to Azure

Microsoft and Red Hat expand their partnership.