CVE-2014-8962

Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.

• How can I get the fixes?
• What do statuses mean?
• Patch details

References

• MITRE
• NVD
• Launchpad
• Debian

Related Ubuntu Security Notices (USN)

• USN-2426-1
• FLAC vulnerabilities
• 27 November 2014

Other references

• https://git.xiph.org/?p=flac.git;a=patch;h=5b3033a2b355068c11fe637e14ac742d273f076e
• http://lists.xiph.org/pipermail/flac-dev/2014-November/005185.html
• https://www.cve.org/CVERecord?id=CVE-2014-8962