Vulnerabilities > CVE-2012-1584 - Numeric Errors vulnerability in Scott Wheeler Taglib
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted file header field in a media file, which triggers a large memory allocation.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-218.NASL description Specially crafted ogg files could crash taglib last seen 2020-06-05 modified 2014-06-13 plugin id 74595 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74595 title openSUSE Security Update : taglib (openSUSE-SU-2012:0490-1) NASL family Fedora Local Security Checks NASL id FEDORA_2012-4291.NASL description New upstream release, largely to address security issues related to ogg xiphcomments and ape sampleRate=0. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-04-09 plugin id 58625 published 2012-04-09 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58625 title Fedora 16 : taglib-1.7.1-1.fc16 (2012-4291) NASL family SuSE Local Security Checks NASL id SUSE_TAGLIB-8041.NASL description The following issue has been fixed : - Specially crafted ogg files could have crashed taglib last seen 2020-06-05 modified 2012-06-15 plugin id 59524 published 2012-06-15 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59524 title SuSE 10 Security Update : taglib (ZYPP Patch Number 8041) NASL family Fedora Local Security Checks NASL id FEDORA_2012-4184.NASL description New upstream release, largely to address security issues related to ogg xiphcomments and ape sampleRate=0. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-04-12 plugin id 58690 published 2012-04-12 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58690 title Fedora 17 : taglib-1.7.1-1.fc17 (2012-4184) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201206-16.NASL description The remote host is affected by the vulnerability described in GLSA-201206-16 (TagLib: Multiple vulnerabilities) Multiple vulnerabilities have been found in TagLib: The last seen 2020-06-01 modified 2020-06-02 plugin id 59669 published 2012-06-25 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59669 title GLSA-201206-16 : TagLib: Multiple vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2012-4268.NASL description New upstream release, largely to address security issues related to ogg xiphcomments and ape sampleRate=0. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-04-09 plugin id 58624 published 2012-04-09 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58624 title Fedora 15 : taglib-1.7.1-1.fc15 (2012-4268) NASL family SuSE Local Security Checks NASL id SUSE_11_TAGLIB-120417.NASL description The following issue has been fixed : - specially crafted ogg files could have crashed taglib last seen 2020-06-05 modified 2013-01-25 plugin id 64229 published 2013-01-25 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64229 title SuSE 11.1 Security Update : taglib (SAT Patch Number 6179)
References
- http://mail.kde.org/pipermail/taglib-devel/2012-March/002186.html
- http://mail.kde.org/pipermail/taglib-devel/2012-March/002186.html
- http://mail.kde.org/pipermail/taglib-devel/2012-March/002191.html
- http://mail.kde.org/pipermail/taglib-devel/2012-March/002191.html
- http://secunia.com/advisories/48211
- http://secunia.com/advisories/48211
- http://secunia.com/advisories/48792
- http://secunia.com/advisories/48792
- http://secunia.com/advisories/49688
- http://secunia.com/advisories/49688
- http://www.gentoo.org/security/en/glsa/glsa-201206-16.xml
- http://www.gentoo.org/security/en/glsa/glsa-201206-16.xml
- http://www.openwall.com/lists/oss-security/2012/03/05/19
- http://www.openwall.com/lists/oss-security/2012/03/05/19
- http://www.openwall.com/lists/oss-security/2012/03/21/11
- http://www.openwall.com/lists/oss-security/2012/03/21/11
- http://www.openwall.com/lists/oss-security/2012/03/26/4
- http://www.openwall.com/lists/oss-security/2012/03/26/4
- http://www.securityfocus.com/bid/52290
- http://www.securityfocus.com/bid/52290
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78909
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78909
- https://github.com/taglib/taglib/commit/dcdf4fd954e3213c355746fa15b7480461972308
- https://github.com/taglib/taglib/commit/dcdf4fd954e3213c355746fa15b7480461972308