MGASA-2014-0499

Source
https://advisories.mageia.org/MGASA-2014-0499.html
Import Source
https://advisories.mageia.org/MGASA-2014-0499.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2014-0499
Related
Published
2014-11-29T20:18:26Z
Modified
2014-11-29T20:07:29Z
Summary
Updated flac packages fix security vulnerabilities
Details

In libFLAC before 1.3.1, a stack overflow (CVE-2014-8962) and a heap overflow (CVE-2014-9028), which may result in arbitrary code execution, can be triggered by passing a maliciously crafted .flac file to the libFLAC decoder.

References
Credits

Affected packages

Mageia:4 / flac

Package

Name
flac
Purl
pkg:rpm/mageia/flac?distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.0-2.1.mga4

Ecosystem specific

{
    "section": "core"
}