Multiple FLAC Vulnerabilities Affect Every OS 360
Enon writes "eEye Digital Security has discovered 14 vulnerabilities in the FLAC file format that affect a huge range of media players on every supported operating system (Windows, Mac OS, Linux, Unix, BSD, Solaris, and even some hardware players are vulnerable). Heise points out a number of vulnerable apps that use the open source libavcodec audio codec library, which in turn relies on the flawed libFLAC library. These vulnerabilities could allow a person of ill will to trojanize FLAC files that could compromise your computer if they are played on a vulnerable media player. eEye worked with US-CERT to notify vulnerable vendors."
root listens to audio? (Score:2, Funny)
Oh, you mean that a USER could compromise THEIR PERSONAL FILES... well, that does suck, but you have backups, right?
I bet someone will cop some flack for this.. (Score:2, Funny)
The best thing about these vulnerabilities (Score:2, Funny)
Re:root listens to audio? (Score:4, Funny)
Someone malicious can craft a
That someone can give that
I thought everyone got that from the description, but there will always be some ignorant fool who can't help but speak up and, here's the great part, there will always be someone who is even more stupid who mods them up.
That's the magic of Slashdot.
Re:root listens to audio? (Score:3, Funny)
Re:root listens to audio? (Score:1, Funny)
Old McDonald Had a Farm (Score:5, Funny)
Phew (Score:5, Funny)
Those security tell me to get the FLAC out of here (Score:3, Funny)
Re:root listens to audio? (Score:5, Funny)
right.
especially if it plays silence on a transparent pixel.
MAN THIS SUCKS.
Some things in life, money can't buy... (Score:5, Funny)
Additional hard drive to store your lossless music collection: $200.
Portable audio player that supports FLAC: $300.
High-end headphones and speakers necessary to hear the difference between MP3/AAC and FLAC: $1000.
Gold shielded power, speaker, and headphone cables to avoid picking up noise that masks the differences between MP3/AAC and FLAC: $2000.
Watching all that equipment turn into one big zombie spambot as soon as you press "play": priceless.
Re:root listens to audio? (Score:3, Funny)
Re:root listens to audio? (Score:2, Funny)
We don' like yo' type 'roun' 'ere, yew best keep moving.
Man, I hope I got my punctuation of the accent correct, or I am going to get reamed by Grammar Nazi's.
Re:root listens to audio? (Score:5, Funny)
You are right about the backups, though...
Re:Some things in life, money can't buy... (Score:2, Funny)
True audiophiles do not use FLAC encoding! A FLAC-encoded sound will have to be processed using a complex computational process, which will mean it will travel through very, very many transistors in the CPU before it hits the DAC on sound card, thus causing noticeable and very jarring latency in the sound. Even uncompressed files have headers which might affect seek performance. No, true audiophiles use raw sound data - indeed, raw sound files also save disk space, because they don't have headers.
Re:Another idiot gets modded up (Score:2, Funny)