ID CVE-2007-3507
Summary Stack-based buffer overflow in the local__vcentry_parse_value function in vorbiscomment.c in flac123 (aka flac-tools or flac) before 0.0.10 allows user-assisted remote attackers to execute arbitrary code via a large comment value_length.
References
Vulnerable Configurations
  • cpe:2.3:a:flac123:flac123:*:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 15-10-2018 - 21:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid 24712
bugtraq 20070629 flac123 0.0.9 - Stack overflow in comment parsing
confirm http://sourceforge.net/forum/forum.php?forum_id=710314
gentoo GLSA-200709-06
misc http://www.isecpartners.com/advisories/2007-002-flactools.txt
osvdb 40524
secunia 26827
sreason 2854
vupen ADV-2007-2420
xf flac123-vcentryparsevalue-bo(35175)
Last major update 15-10-2018 - 21:29
Published 02-07-2007 - 19:30
Last modified 15-10-2018 - 21:29