LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

taglib: multiple vulnerabilities

Package(s):taglib CVE #(s):CVE-2012-1108 CVE-2012-1107 CVE-2012-1584
Created:April 9, 2012 Updated:June 25, 2012
Description: From the Red Hat bugzilla [1], [2], [3]:

1) It was reported that, when parsing an Ogg file, a specially crafted Ogg file with control over the "vendorLength" field could cause a string allocation with that size. Control over the "commentFields", which is the number of times that "commentLength" is read, would allocate a string of size "commandLength", which could cause an application linked to taglib to crash. This has been fixed in upstream git. (CVE-2012-1108)

2) It was reported that a specially crafted ape media file with the sampleRate set to "0" could lead to an application crash due to a division by zero error. This has been fixed in upstream git. (CVE-2012-1107)

3) It was reported that taglib suffers from an integer overflow flaw when parsing file header fields. A file with a crafted header could cause a large allocation and crash the application. This has been corrected in git. (CVE-2012-1584)

Alerts:
Fedora FEDORA-2012-4291 2012-04-06
Fedora FEDORA-2012-4268 2012-04-06
openSUSE openSUSE-SU-2012:0490-1 2012-04-12
Gentoo 201206-16 2012-06-22
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds