Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE-Request taglib vulnerabilities
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 05 Mar 2012 14:21:06 -0700

On 03/04/2012 08:57 PM, Zubin Mithra wrote:

On 03/04/2012 05:53 AM, Zubin Mithra wrote:

Multiple bugs were found and reported in taglib, and have been patched.
of the 4 reported, 2 were patched recently while 2 only affected taglib
versions upto 1.7 and not the current development head at github.The
discussion at the taglib mailing list can be viewed here at [1].

Kindly assign CVE's for the same.

Zubin Mithra

[1] http://mail.kde.org/pipermail/taglib-devel/2012-March/002186.html

Can you post a summary of the issues needing CVE #'s? Thanks.

The issues which were present in the development head were :-

[1] A crafted ogg file with sampleRate as "0" leads to crash in the
application using taglib.
         fixed in the commit -

Please use CVE-2012-1107 for this issue.

[2] "vendorLength" field modification in ogg tag parsing causes crash in
the application using taglib.
         fixed in the commit -

Please use CVE-2012-1108 for this issue.

The issues which are present in the latest "release" but not in the current
development head were :-

[3] Lack of sanity checks of fields which were read, and were used for
allocating memory; crafted files would lead of application crash.
[4] A one bit change in a working ogg file would cause a thread to loop

Note enough information to assign CVEs.

*Please note* :-

[1] and [2] were fixed after the report, and could be assigned CVE's.

I am unsure about the other two, as they were fixed in the development
branch, prior to our report. However, a release has not been made with the
patches for [3] and [4] yet. Kindly assign CVE's for [3] and [4] if you see
it fit to do so.

Zubin Mithra

Kurt Seifried Red Hat Security Response Team (SRT)

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]