CVE-2007-6278

Published: Dec 7, 2007Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file.

Affected (1)

Products: Flac: Libflac

Flac

1 product

Libflac

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Flac Libflac	Up to 1.2

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-264

References (10)

http://research.eeye.com/html/advisories/published/AD20071115.html

Source: cve@mitre.org

http://securityreason.com/securityalert/3423

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/544656

Source: cve@mitre.org

PatchUS Government Resource

http://www.securityfocus.com/archive/1/483765/100/200/threaded

Source: cve@mitre.org

http://www.securitytracker.com/id?1018974

Source: cve@mitre.org

Patch

http://research.eeye.com/html/advisories/published/AD20071115.html