DigitMemo.com

14 vulnerabilities in the FLAC file format that affect a huge range of media players on every supported operating system (Windows, Mac OS, Linux, Unix, BSD, Solaris, and even some hardware players are vulnerable).

A number of vulnerable apps that use the open source libavcodec audio codec library, which in turn relies on the flawed libFLAC library. These vulnerabilities could allow a person of ill will to trojanize FLAC files that could compromise your computer if they are played on a vulnerable media player. eEye worked with US-CERT to notify vulnerable vendors.

libFLAC version 1.2.1 was released in September, 2007, fixing these vulnerabilities for most vulnerable applications. Unfortunately, many vendors that were using libFLAC within their media applications or using their own homegrown FLAC file parsers had not been informed that their FLAC file parser was vulnerable. Because of that, the release of this advisory was postponed until all vulnerable vendors were contacted in coordination with US-CERT.

Make sure to get the latest update from FLAC official site.