Description
Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file.
References (5)
Core 5
Core References
Various Sources third-party-advisory
x_refsource_eeye
http://research.eeye.com/html/advisories/published/AD20071115.html
Patch vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1018974
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3423
Patch, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/544656
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/483765/100/200/threaded
Scores
EPSS
0.0212
EPSS Percentile
79.7%
Details
CWE
CWE-20
CWE-264
Status
published
Products (1)
flac/libflac
< 1.2
Published
Dec 07, 2007
Tracked Since
Feb 18, 2026