ZDI-11-230: Apple Quicktime Apple Lossless Audio Codec Parsing Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-230
June 29, 2011
-- CVE ID:
CVE-2011-0211
-- CVSS:
[ Wintercore Advisory ]
Realtek HD Audio Codec Drivers (Vista) - Local Privilege Escalation
:: Non-Technical Description
Realtek HD Audio Codec Drivers are prone to a local privilege escalation
due to insufficient validation of user-mode buffers. Successful
if the user is tricked into opening a malformed media file or stream.
The implementations of the following codecs and container formats were affected and have been updated:
- the Vorbis audio codec
- the Ogg container implementation
- the FF Video 1 codec
- the MPEG audio codec
- the H264 video codec
- the MOV container implementation
vulnerable installations of Apple QuickTime. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
The specific flaw exists during the rendering of an audio stream
utilizing QDesign's audio codec. The application will perform an
allocation utilizing a field specified in the sample's description.
Later when initializing the buffer, the application will utilize a
different length. If the lengths differ, then a buffer overflow will
occur. This can lead to code execution under the context of the
currently logged in user.
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2007-4619 CVE-2007-6277
Sean de Regge and Greg Linares discovered multiple heap and stack based
buffer overflows in FLAC, the Free Lossless Audio Codec, which could
lead to the execution of arbitrary code.
For the unstable distribution (sid), these problems have been fixed in
version 1.2.1-1.
ZDI-11-304: Apple Quicktime Advanced Audio Codec Frame Parsing Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-304
October 26, 2011
-- CVE ID:
CVE-2011-3252
-- CVSS:
8.3, AV:N/AC:M/Au:N/C:P/I:P/A:C
Systems Affected:
Applications with FLAC Support
Overview:
eEye Digital Security has discovered 14 vulnerabilities in the
processing of FLAC (Free-Lossless Audio Codec) files affecting various
applications. Processing a malicious FLAC file within a vulnerable
application could result in the execution of arbitrary code at the
privileges of the application or the current user (depending on OS).
allowing for the execution of arbitrary code.
Background
==========
The Xiph.org Free Lossless Audio Codec (FLAC) library is the reference
implementation of the FLAC audio file format. It contains encoders and
decoders in library and executable form.
Affected packages
=================
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 11, 2007
I. BACKGROUND
Free Lossless Audio Codec (FLAC) is a popular file format for audio data
compression. AOL Corp.'s Winamp media player has support for the FLAC
format. More information about FLAC and Winamp is available at the
following URLs.
http://flac.sourceforge.net/
Debian bug : 540958
CVE Ids : CVE-2009-2663 CVE-2009-3379
Lucas Adamski, Matthew Gregan, David Keeler, and Dan Kaminsky discovered
that libvorbis, a library for the Vorbis general-purpose compressed
audio codec, did not correctly handle certain malformed Ogg files. An
attacker could cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via a crafted .ogg
file.
For the oldstable distribution (etch), these problems have been fixed in