Fluid Attacks Database

Description

Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	libsndfile	>=0 <1.0.17-4	1.0.17-4
debian 14	ardour	>=0 <1:2.1-1.1	1:2.1-1.1
debian 13	ardour	>=0 <1:2.1-1.1	1:2.1-1.1
debian 12	libsndfile	>=0 <1.0.17-4	1.0.17-4
debian 11	libsndfile	>=0 <1.0.17-4	1.0.17-4
debian 12	ardour	>=0 <1:2.1-1.1	1:2.1-1.1
debian 13	libsndfile	>=0 <1.0.17-4	1.0.17-4
debian 11	ardour	>=0 <1:2.1-1.1	1:2.1-1.1

Aliases

1. CVE-2007-49742. NVD-2007-49743. OSV-DEBIAN-2007-49744. OSV-2007-49745. SECURITY-TRACKER-CVE-2007-4974

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.