oss-sec mailing list archives
Re: CVE-Request taglib vulnerabilities
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 21 Mar 2012 11:19:38 -0600
On 03/21/2012 09:42 AM, Ludwig Nussel wrote:
Zubin Mithra wrote:[...] The issues which are present in the latest "release" but not in the current development head were :- [3] Lack of sanity checks of fields which were read, and were used for allocating memory; crafted files would lead of application crash.Not an issue according to upstream: http://mail.kde.org/pipermail/taglib-devel/2012-March/002187.html
Shouldn't it simply say "file to large" or "unable to allocate blah" something rather than crashing? I assume by "large" file the file doesn't actually need to be large, just the header information needs to claim it is large?
[4] A one bit change in a working ogg file would cause a thread to loop infinitely.http://mail.kde.org/pipermail/taglib-devel/2012-March/002191.html https://github.com/taglib/taglib/commit/b3646a07348ffa276ea41a9dae03ddc63ea6c532
Has this been confirmed? Does the looping thread actually cause a DoS, simply slow down the application a bit, or?
cu Ludwig
-- Kurt Seifried Red Hat Security Response Team (SRT)
Current thread:
- CVE-Request taglib vulnerabilities Zubin Mithra (Mar 04)
- Re: CVE-Request taglib vulnerabilities Kurt Seifried (Mar 04)
- Re: CVE-Request taglib vulnerabilities Zubin Mithra (Mar 04)
- Re: CVE-Request taglib vulnerabilities Kurt Seifried (Mar 05)
- Re: CVE-Request taglib vulnerabilities Ludwig Nussel (Mar 21)
- Re: CVE-Request taglib vulnerabilities Kurt Seifried (Mar 21)
- Re: CVE-Request taglib vulnerabilities Zubin Mithra (Mar 21)
- Re: CVE-Request taglib vulnerabilities Ludwig Nussel (Mar 26)
- Re: CVE-Request taglib vulnerabilities Kurt Seifried (Mar 26)
- Re: CVE-Request taglib vulnerabilities Zubin Mithra (Mar 04)
- Re: CVE-Request taglib vulnerabilities Kurt Seifried (Mar 04)