Slashdot Mirror


Multiple FLAC Vulnerabilities Affect Every OS

Enon writes "eEye Digital Security has discovered 14 vulnerabilities in the FLAC file format that affect a huge range of media players on every supported operating system (Windows, Mac OS, Linux, Unix, BSD, Solaris, and even some hardware players are vulnerable). Heise points out a number of vulnerable apps that use the open source libavcodec audio codec library, which in turn relies on the flawed libFLAC library. These vulnerabilities could allow a person of ill will to trojanize FLAC files that could compromise your computer if they are played on a vulnerable media player. eEye worked with US-CERT to notify vulnerable vendors."

4 of 360 comments (clear)

  1. Old McDonald Had a Farm by Lachryma · · Score: 5, Funny

    eEye worked with US-CERT to notify vulnerable vendors.
    If this happened over email, one could consider it eEye e-I/O.
  2. Phew by Frogbert · · Score: 5, Funny

    Good thing no one uses this esoteric "FLAC" format.

  3. Re:root listens to audio? by paulgrant · · Score: 5, Funny

    or play a video with flac as the audio algorithm.
    right.
    especially if it plays silence on a transparent pixel.
    MAN THIS SUCKS.

  4. Some things in life, money can't buy... by Mr2001 · · Score: 5, Funny

    Subscription to Stereophile magazine: $10.

    Additional hard drive to store your lossless music collection: $200.

    Portable audio player that supports FLAC: $300.

    High-end headphones and speakers necessary to hear the difference between MP3/AAC and FLAC: $1000.

    Gold shielded power, speaker, and headphone cables to avoid picking up noise that masks the differences between MP3/AAC and FLAC: $2000.

    Watching all that equipment turn into one big zombie spambot as soon as you press "play": priceless.

    --
    Visual IRC: Fast. Powerful. Free.