Synopsis: Important: flac security update
Advisory ID: SLSA-2015:0767-1
Issue Date: 2015-04-01
CVE Numbers: CVE-2014-8962
A buffer overflow flaw was found in the way flac decoded FLAC audio files.
An attacker could create a specially crafted FLAC audio file that could
cause an application using the flac library to crash or execute arbitrary
code when the file was read. (CVE-2014-9028)
A buffer over-read flaw was found in the way flac processed certain ID3v2
metadata. An attacker could create a specially crafted FLAC audio file
that could cause an application using the flac library to crash when the
file was read. (CVE-2014-8962)
After installing the update, all applications linked against the flac
library must be restarted for this update to take effect.
– Scientific Linux Development Team