oss-sec mailing list archives

Re: CVE-Request taglib vulnerabilities
From: Zubin Mithra <zubin.mithra () gmail com>
Date: Mon, 5 Mar 2012 09:27:43 +0530


On 03/04/2012 05:53 AM, Zubin Mithra wrote:

Multiple bugs were found and reported in taglib, and have been patched.
Of the 4 reported, 2 were patched recently while 2 only affected taglib
versions up to 1.7 and not the current development head at GitHub. The
discussion at the taglib mailing list can be viewed here at [1].

Kindly assign CVEs for the same.

Zubin Mithra

[1] http://mail.kde.org/pipermail/taglib-devel/2012-March/002186.html

Can you post a summary of the issues needing CVE #'s? Thanks.

The issues which were present in the development head were :-

[1] A crafted ogg file with sampleRate as "0" leads to crash in the
application using taglib.
         fixed in the commit -
[2] "vendorLength" field modification in ogg tag parsing causes crash in
the application using taglib.
         fixed in the commit -

The issues which are present in the latest "release" but not in the current
development head were :-

[3] Lack of sanity checks of fields which were read, and were used for
allocating memory; crafted files would lead to application crash.
[4] A one bit change in a working ogg file would cause a thread to loop

*Please note* :-

[1] and [2] were fixed after the report, and could be assigned CVEs.

I am unsure about the other two, as they were fixed in the development
branch, prior to our report. However, a release has not been made with the
patches for [3] and [4] yet. Kindly assign CVEs for [3] and [4] if you see
fit to do so.

Zubin Mithra
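
The class of check that items [1] to [3] call for, as an added example that is not part of the original message and is not taglib's code: a Vorbis comment header parser that compares every length field (including the vendor length) with the bytes actually remaining before allocating, plus a guard for a zero sample rate. All type and function names are hypothetical, the sample bytes are constructed, and the use of the sample rate as a divisor is an assumption.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Hypothetical types and names for this example; not TagLib's API.
struct VorbisComment { std::string vendor; std::vector<std::string> fields; };
typedef std::vector<uint8_t> Bytes;

// Constructed sample: vendor "lib", one field "A=b".
static const Bytes kSample = {3,0,0,0,'l','i','b', 1,0,0,0, 3,0,0,0,'A','=','b'};

// Read a 32-bit little-endian value; fail if fewer than 4 bytes remain.
static bool readU32(const Bytes& buf, size_t& pos, uint32_t& out) {
    if (buf.size() - pos < 4) return false;
    out = uint32_t(buf[pos]) | uint32_t(buf[pos + 1]) << 8 |
          uint32_t(buf[pos + 2]) << 16 | uint32_t(buf[pos + 3]) << 24;
    pos += 4;
    return true;
}

// Read a length-prefixed string. The declared length is compared with the
// bytes actually left before anything is allocated or copied.
static bool readString(const Bytes& buf, size_t& pos, std::string& out) {
    uint32_t len = 0;
    if (!readU32(buf, pos, len) || len > buf.size() - pos) return false;
    out.assign(buf.begin() + pos, buf.begin() + pos + len);
    pos += len;
    return true;
}

bool parseVorbisComment(const Bytes& buf, VorbisComment& vc) {
    size_t pos = 0;
    uint32_t count = 0;
    if (!readString(buf, pos, vc.vendor) || !readU32(buf, pos, count)) return false;
    // Every field needs at least its 4-byte length, which bounds a sane count.
    if (count > (buf.size() - pos) / 4) return false;
    for (uint32_t i = 0; i < count; ++i) {
        std::string field;
        if (!readString(buf, pos, field)) return false;
        vc.fields.push_back(field);
    }
    return true;
}

// Assumption: the duration is derived by dividing by the sample rate.
bool lengthSeconds(uint64_t samples, uint32_t sampleRate, uint64_t& secs) {
    if (sampleRate == 0) return false;  // reject instead of dividing by zero
    secs = samples / sampleRate;
    return true;
}
```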
