Bug 416143 - <media-libs/taglib-1.7.2 : MP4 File Parsing Division By Zero Denial of Service Vulnerability (CVE-2012-2396)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://secunia.com/advisories/49159/
Whiteboard: B3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-05-15 19:30 UTC by Agostino Sarubbo
Modified: 2012-05-27 22:38 UTC

See Also:
Package list:
Runtime testing required: ---


Description Agostino Sarubbo gentoo-dev 2012-05-15 19:30:04 UTC
From secunia security advisory at $URL:

Description
A vulnerability has been reported in TagLib, which can be exploited by malicious people to cause a DoS (Denial of Service) of the application using the library.

The vulnerability is caused due to a division by zero error within the parsing of MP4 files, which can be exploited to cause a crash.

The vulnerability is reported in versions prior to 1.7.2.


Solution
Update to version 1.7.2.
Comment 1 Agostino Sarubbo gentoo-dev 2012-05-15 19:30:36 UTC
Arches, please test and mark stable:
=media-libs/taglib-1.7.2
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2012-05-16 16:36:10 UTC
Stable for HPPA.
Comment 3 Jeff (JD) Horelick (RETIRED) gentoo-dev 2012-05-17 09:21:49 UTC
x86 stable
Comment 4 Tobias Klausmann (RETIRED) gentoo-dev 2012-05-17 18:52:00 UTC
Stable on alpha.
Comment 5 Michael Harrison 2012-05-18 19:26:51 UTC
amd64 ok
Comment 6 Agostino Sarubbo gentoo-dev 2012-05-19 14:03:55 UTC
amd64 stable
Comment 7 Mark Loeser (RETIRED) gentoo-dev 2012-05-20 07:11:42 UTC
ppc/ppc64 done
Comment 8 Markus Meier gentoo-dev 2012-05-26 10:00:49 UTC
arm stable
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2012-05-26 17:17:39 UTC
ia64/sh/sparc stable
Comment 10 Johannes Huber (RETIRED) gentoo-dev 2012-05-26 18:06:39 UTC
Thank you all. <media-libs/taglib-1.7.2 removed from tree. Removing kde from CC as we have nothing to do here anymore.
Comment 11 Sean Amoss (RETIRED) gentoo-dev Security 2012-05-26 18:59:23 UTC
Thanks, everyone.

GLSA vote: no.
Comment 12 Tim Sammut (RETIRED) gentoo-dev 2012-05-27 22:38:09 UTC
No too, closing noglsa.