Multiple FLAC Vulnerabilities Affect Every OS
Enon writes "eEye Digital Security has discovered 14 vulnerabilities in the FLAC file format that affect a huge range of media players on every supported operating system (Windows, Mac OS, Linux, Unix, BSD, Solaris, and even some hardware players are vulnerable). Heise points out a number of vulnerable apps that use the open source libavcodec audio codec library, which in turn relies on the flawed libFLAC library. These vulnerabilities could allow a person of ill will to trojanize FLAC files that could compromise your computer if they are played on a vulnerable media player. eEye worked with US-CERT to notify vulnerable vendors."
This is an example of the term "failure of imagination."
Someone malicious can craft a .flac file which can execute arbitrary code when it is run on an affected player.
That someone can give that .flac file to someone else who doesn't know it is maliciously crafted and when they play the file, they have given arbitrary code execution privileges to the malicious crafty person.
I thought everyone got that from the description, but there will always be some ignorant fool who can't help but speak up and, here's the great part, there will always be someone who is even more stupid who mods them up.
That's the magic of Slashdot.
How we know is more important than what we know.
Good thing no one uses this esoteric "FLAC" format.
or play a video with flac as the audio algorithm.
right.
especially if it plays silence on a transparent pixel.
MAN THIS SUCKS.
Subscription to Stereophile magazine: $10.
Additional hard drive to store your lossless music collection: $200.
Portable audio player that supports FLAC: $300.
High-end headphones and speakers necessary to hear the difference between MP3/AAC and FLAC: $1000.
Gold shielded power, speaker, and headphone cables to avoid picking up noise that masks the differences between MP3/AAC and FLAC: $2000.
Watching all that equipment turn into one big zombie spambot as soon as you press "play": priceless.
Visual IRC: Fast. Powerful. Free.
What you just described is a virus, and in fact, has existed nearly as long as computers have. If you don't trust your flac-giving buddy, why take anything he gives you at all? The point is that "flac" cannot compromise your system, only your data. Unless you play the file as root.
I want to delete my account but Slashdot doesn't allow it.
OK, this is Slashdot. Nobody here has a wife, let alone a mistress.
You are right about the backups, though...
-Arthur
Be careful not to walk in front of any catapults