CVE-2007-4974

N/A Unknown

Published: September 19, 2007 Modified: April 23, 2026

Description

Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html

Source: cve@mitre.org

http://secunia.com/advisories/26921

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/26932

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27018

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27071

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/27100

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/28265

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/28412

Source: cve@mitre.org

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200710-04.xml

Source: cve@mitre.org

http://www.debian.org/security/2007/dsa-1442

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2007:191

Source: cve@mitre.org

http://www.securityfocus.com/bid/25758

Source: cve@mitre.org

http://www.ubuntu.com/usn/usn-525-1

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/3241

Source: cve@mitre.org

Vendor Advisory

https://bugs.gentoo.org/show_bug.cgi?id=192834

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=296221

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00344.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/26921

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/26932

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/27018

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/27071

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/27100

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/28265

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/28412

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200710-04.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2007/dsa-1442

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDKSA-2007:191

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/25758

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/usn-525-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/3241

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugs.gentoo.org/show_bug.cgi?id=192834

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=296221

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00344.html

Source: af854a3a-2127-422b-91ae-364da2661108

34 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

4.5%

90th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-119

Affected Vendors

mega-nerd

Related CVEs

CVE-2026-40941 N/A

CVE-2026-40084 6.5

CVE-2026-40083 7.2

CVE-2026-40082 5.4

CVE-2026-40080 6.1