oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE-Request taglib vulnerabilities

From: Ludwig Nussel <ludwig.nussel () suse de>
Date: Wed, 21 Mar 2012 16:42:38 +0100
Zubin Mithra wrote:

[...]
The issues which are present in the latest "release" but not in the current
development head were :-

[3] Lack of sanity checks of fields which were read, and were used for
allocating memory; crafted files would lead of application crash.


Not an issue according to upstream:
http://mail.kde.org/pipermail/taglib-devel/2012-March/002187.html


[4] A one bit change in a working ogg file would cause a thread to loop
infinitely.


http://mail.kde.org/pipermail/taglib-devel/2012-March/002191.html
https://github.com/taglib/taglib/commit/b3646a07348ffa276ea41a9dae03ddc63ea6c532

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
Previous By Date Next
Previous By Thread Next

Current thread: