Multiple FLAC Vulnerabilities Affect Every OS

Posted by kdawson on Monday November 19, 2007 @02:05PM from the don't-hit-play dept.

Enon writes "eEye Digital Security has discovered 14 vulnerabilities in the FLAC file format that affect a huge range of media players on every supported operating system (Windows, Mac OS, Linux, Unix, BSD, Solaris, and even some hardware players are vulnerable). Heise points out a number of vulnerable apps that use the open source libavcodec audio codec library, which in turn relies on the flawed libFLAC library. These vulnerabilities could allow a person of ill will to trojanize FLAC files that could compromise your computer if they are played on a vulnerable media player. eEye worked with US-CERT to notify vulnerable vendors."

2 of 360 comments (clear)

Min score:

Reason:

Sort:

Re:But I thought that this didn't happen with FOSS by Phlegethon_River · 2007-11-19 14:26 · Score: 1, Redundant

He works for them, check his webpage.
Re:A lot of these are app flaws, not flac flaws .. by ThirdPrize · 2007-11-19 21:22 · Score: 0, Redundant

2. I hardly think libFLAC counts as an "essential Linux library". You are new here aren't you, boy.

--
I have excellent Karma and I am not afraid to Troll it.