CVE-2007-6278

Free Lossless Audio Codec <1.2.1 - RCE

Title source: llm
STIX 2.1

Description

Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file.

References (5)

Core 5
Core References
Various Sources third-party-advisory x_refsource_eeye
http://research.eeye.com/html/advisories/published/AD20071115.html
Patch vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1018974
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3423
Patch, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/544656
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/483765/100/200/threaded

Scores

EPSS 0.0212
EPSS Percentile 79.7%

Details

CWE
CWE-20 CWE-264
Status published
Products (1)
flac/libflac < 1.2
Published Dec 07, 2007
Tracked Since Feb 18, 2026