CVE-2007-4974

Heap-based buffer overflow in the flacbuffercopy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size.

References

Affected packages

Debian:11 / ardour

Package

Name: ardour
Purl: pkg:deb/debian/ardour?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.1-1.1

Ecosystem specific

{
    "urgency": "medium"
}

Debian:12 / ardour

Package

Name: ardour
Purl: pkg:deb/debian/ardour?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.1-1.1

Ecosystem specific

{
    "urgency": "medium"
}

Debian:13 / ardour

Package

Name: ardour
Purl: pkg:deb/debian/ardour?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:2.1-1.1

Ecosystem specific

{
    "urgency": "medium"
}

Debian:11 / libsndfile

Package

Name: libsndfile
Purl: pkg:deb/debian/libsndfile?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.17-4

Ecosystem specific

{
    "urgency": "medium"
}

Debian:12 / libsndfile

Package

Name: libsndfile
Purl: pkg:deb/debian/libsndfile?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.17-4

Ecosystem specific

{
    "urgency": "medium"
}

Debian:13 / libsndfile

Package

Name: libsndfile
Purl: pkg:deb/debian/libsndfile?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.17-4

Ecosystem specific

{
    "urgency": "medium"
}