Summary: | <media-libs/taglib-1.7.1: Integer Overflow Vulnerability (CVE-2012-1584) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/taglib/taglib/commit/dcdf4fd954e3213c355746fa15b7480461972308 | ||
Whiteboard: | A3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Tim Sammut (RETIRED)
2012-04-05 21:02:30 UTC
Yes go ahead! Thanks.

Arches, please test and mark stable:
=media-libs/taglib-1.7.1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"

Stable for HPPA.

amd64 stable

x86 stable

arm stable

alpha/ia64/sh/sparc stable

ppc done

ppc64 done

Thank you all, kde is done here. Removing from cc.

+ 17 Apr 2012; Johannes Huber <johu@gentoo.org> + -files/taglib-1.7-security.patch, -taglib-1.7-r1.ebuild: + Remove old wrt bug #410953.

Thanks, everyone. GLSA already drafted and ready for review.

This issue was resolved and addressed in GLSA 201206-16 at http://security.gentoo.org/glsa/glsa-201206-16.xml by GLSA coordinator Sean Amoss (ackle).

CVE-2012-1584 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1584): Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted file header field in a media file, which triggers a large memory allocation.
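
The class of bug named in the CVE description above, shown as an added example that is not TagLib's code and not taken from this bug report: a range check written as `index + length <= size` wraps in 32-bit unsigned arithmetic, so an oversized length read from a file header passes the check, while comparing against `size - index` does not. All function names and the sample values are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

using Bytes = std::vector<unsigned char>;

// Flawed check: index + length is evaluated in 32-bit unsigned arithmetic,
// so a huge length wraps the sum around and the range looks valid.
bool range_ok_unsafe(uint32_t index, uint32_t length, uint32_t size) {
    return index + length <= size;
}

// Overflow-free check: compare length against the space left after index.
bool range_ok_safe(uint32_t index, uint32_t length, uint32_t size) {
    return index <= size && length <= size - index;
}

// Hypothetical mid(): clamps the requested length to the data available.
// Assumes the buffer is smaller than 4 GiB.
Bytes mid_checked(const Bytes &data, uint32_t index, uint32_t length) {
    const uint32_t size = static_cast<uint32_t>(data.size());
    if (index > size) return Bytes();
    if (length > size - index) length = size - index;
    return Bytes(data.begin() + index, data.begin() + index + length);
}

// Constructed sample: 64 bytes holding the values 0..63.
Bytes make_sample() {
    Bytes b(64);
    for (size_t i = 0; i < b.size(); ++i) b[i] = static_cast<unsigned char>(i);
    return b;
}

int main() {
    const Bytes data = make_sample();
    const uint32_t index = 0x20, length = 0xFFFFFFF0u;  // constructed "header field"
    std::printf("unsafe check accepts: %d\n", range_ok_unsafe(index, length, 64));
    std::printf("safe check accepts:   %d\n", range_ok_safe(index, length, 64));
    std::printf("clamped mid size:     %zu\n", mid_checked(data, index, length).size());
    return 0;
}
```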