CVE-2007-4974
libsndfile
EPSS 7.1%
Description
Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size.
How to fix CVE-2007-4974
To remediate CVE-2007-4974, upgrade the affected package to a fixed version below.
- Debian/ardour—upgrade to 1:2.1-1.1 or later
- Debian/libsndfile—upgrade to 1.0.17-4 or later
- Debian/libsndfile—upgrade to 1.0.16-2 or later
Is CVE-2007-4974 being exploited?
Moderate — EPSS is 7.1%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (3)
- from 0, < 1:2.1-1.1
- from 0, < 1.0.17-4
- from 0, < 1.0.16-2