Vulnerabilities > CVE-2012-1107 - Buffer Overflow and Divide-By-Zero Denial of Service vulnerability in taglib

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
scott-wheeler
nessus
NVD
Published: 2012-09-06
Updated: 2017-08-29

Summary

The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted sampleRate in an ape file, which triggers a divide-by-zero error.

Vulnerable Configurations

Part Description Count
Application
Scott_Wheeler
12

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-218.NASL
    descriptionSpecially crafted ogg files could crash taglib
    last seen2020-06-05
    modified2014-06-13
    plugin id74595
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74595
    titleopenSUSE Security Update : taglib (openSUSE-SU-2012:0490-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-4291.NASL
    descriptionNew upstream release, largely to address security issues related to ogg xiphcomments and ape sampleRate=0. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-04-09
    plugin id58625
    published2012-04-09
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58625
    titleFedora 16 : taglib-1.7.1-1.fc16 (2012-4291)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-4184.NASL
    descriptionNew upstream release, largely to address security issues related to ogg xiphcomments and ape sampleRate=0. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-04-12
    plugin id58690
    published2012-04-12
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58690
    titleFedora 17 : taglib-1.7.1-1.fc17 (2012-4184)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201206-16.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201206-16 (TagLib: Multiple vulnerabilities) Multiple vulnerabilities have been found in TagLib: The
    last seen2020-06-01
    modified2020-06-02
    plugin id59669
    published2012-06-25
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59669
    titleGLSA-201206-16 : TagLib: Multiple vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-4268.NASL
    descriptionNew upstream release, largely to address security issues related to ogg xiphcomments and ape sampleRate=0. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2012-04-09
    plugin id58624
    published2012-04-09
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58624
    titleFedora 15 : taglib-1.7.1-1.fc15 (2012-4268)

References