[Flac] overflow vulnerabilities fixed in flac-1.2.1
Josh Coalson
xflac at yahoo.com
Thu Oct 18 17:44:21 PDT 2007
iDefense reported to us several buffer overflow vulnerabilities in
the FLAC source base that could lead to arbitrary code execution:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608
as a result the complete source code underwent an audit to fix all
such vulnerabilites, and a separate memory allocation module was added
to prevent future vulnerabilites. these fixes appear in the flac-1.2.1
release.
we suggest you upgrade to flac-1.2.1 and/or winamp 5.5 (which now uses
libFLAC from 1.2.1)
Josh
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the Flac
mailing list