oss-sec mailing list archives
Re: CVE-Request taglib vulnerabilities
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 05 Mar 2012 14:21:06 -0700
On 03/04/2012 08:57 PM, Zubin Mithra wrote:
Hello,On 03/04/2012 05:53 AM, Zubin Mithra wrote:Hello, Multiple bugs were found and reported in taglib, and have been patched.Outof the 4 reported, 2 were patched recently while 2 only affected taglib versions upto 1.7 and not the current development head at github.The discussion at the taglib mailing list can be viewed here at [1]. Kindly assign CVE's for the same. Thanks, Zubin Mithra [1] http://mail.kde.org/pipermail/taglib-devel/2012-March/002186.htmlCan you post a summary of the issues needing CVE #'s? Thanks.The issues which were present in the development head were :- [1] A crafted ogg file with sampleRate as "0" leads to crash in the application using taglib. fixed in the commit - https://github.com/taglib/taglib/commit/77d61c6eca4d08b9b025738acf6b926cc750db23
Please use CVE-2012-1107 for this issue.
[2] "vendorLength" field modification in ogg tag parsing causes crash in
the application using taglib.
fixed in the commit -
https://github.com/taglib/taglib/commit/ab8a0ee8937256311e649a88e8ddd7c7f870ad59
Please use CVE-2012-1108 for this issue.
The issues which are present in the latest "release" but not in the current development head were :- [3] Lack of sanity checks of fields which were read, and were used for allocating memory; crafted files would lead of application crash. [4] A one bit change in a working ogg file would cause a thread to loop infinitely.
Note enough information to assign CVEs.
*Please note* :- [1] and [2] were fixed after the report, and could be assigned CVE's. I am unsure about the other two, as they were fixed in the development branch, prior to our report. However, a release has not been made with the patches for [3] and [4] yet. Kindly assign CVE's for [3] and [4] if you see it fit to do so. Regards, Zubin Mithra
-- Kurt Seifried Red Hat Security Response Team (SRT)
Current thread:
- CVE-Request taglib vulnerabilities Zubin Mithra (Mar 04)
- Re: CVE-Request taglib vulnerabilities Kurt Seifried (Mar 04)
- Re: CVE-Request taglib vulnerabilities Zubin Mithra (Mar 04)
- Re: CVE-Request taglib vulnerabilities Kurt Seifried (Mar 05)
- Re: CVE-Request taglib vulnerabilities Ludwig Nussel (Mar 21)
- Re: CVE-Request taglib vulnerabilities Kurt Seifried (Mar 21)
- Re: CVE-Request taglib vulnerabilities Zubin Mithra (Mar 21)
- Re: CVE-Request taglib vulnerabilities Ludwig Nussel (Mar 26)
- Re: CVE-Request taglib vulnerabilities Kurt Seifried (Mar 26)
- Re: CVE-Request taglib vulnerabilities Zubin Mithra (Mar 04)
- Re: CVE-Request taglib vulnerabilities Kurt Seifried (Mar 04)