Multiple FLAC Vulnerabilities Affect Every OS

Posted by kdawson on Monday November 19, 2007 @02:05PM from the don't-hit-play dept.

Enon writes "eEye Digital Security has discovered 14 vulnerabilities in the FLAC file format that affect a huge range of media players on every supported operating system (Windows, Mac OS, Linux, Unix, BSD, Solaris, and even some hardware players are vulnerable). Heise points out a number of vulnerable apps that use the open source libavcodec audio codec library, which in turn relies on the flawed libFLAC library. These vulnerabilities could allow a person of ill will to trojanize FLAC files that could compromise your computer if they are played on a vulnerable media player. eEye worked with US-CERT to notify vulnerable vendors."

2 of 360 comments (clear)

Min score:

Reason:

Sort:

security bugs that FOSS does not have by r00t · 2007-11-19 15:12 · Score: 0, Offtopic

undesired/unauthorized phone home

undesired/unauthorized upgrades, like the one you bastards forced on me DESPITE my having set XP updates to download **only** for later manual install

Digital Restriction Management -- need I say more? From the user's viewpoint, it's a bug.

sudden failure of the OS because some defective algorithm thinks Windows isn't "genuine"
Re:I like ponies. by Anonymous Coward · 2007-11-19 18:00 · Score: 0, Offtopic

Mmm ponies, delicious.