
Bug 410953 (CVE-2012-1584)

Summary: <media-libs/taglib-1.7.1: Integer Overflow Vulnerability (CVE-2012-1584)
Product: Gentoo Security
Reporter: Tim Sammut (RETIRED) <underling>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://github.com/taglib/taglib/commit/dcdf4fd954e3213c355746fa15b7480461972308
Whiteboard: A3 [glsa]
Package list:
Runtime testing required: ---

Description Tim Sammut (RETIRED) gentoo-dev 2012-04-05 21:02:30 UTC
An integer overflow has been found in taglib. From a mail thread at [1]:

On Sun, Mar 4, 2012 at 4:41 AM, Zubin Mithra <zubin.mithra at gmail.com> wrote:
> - Sanity checks are not performed for fields read from a media file, which
> are used to allocate memory later on. Causes DoS due to application crash at
> the very least, exploitability is unconfirmed.
>
> An example :-
> apeitem.cpp
>   APE::Item::parse(const ByteVector &data)
>     d->key = String(data.mid(8), String::UTF8);

@kde, I believe this may be fixed in 1.7.1. If it is, can we move forward and stabilize that version? Thanks.

[1] https://mail.kde.org/pipermail/taglib-devel/2012-March/002187.html
Comment 1 Johannes Huber (RETIRED) gentoo-dev 2012-04-06 08:51:05 UTC
Yes go ahead!
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2012-04-06 15:40:41 UTC
Thanks.

Arches, please test and mark stable:
=media-libs/taglib-1.7.1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2012-04-06 16:39:23 UTC
Stable for HPPA.
Comment 4 Agostino Sarubbo gentoo-dev 2012-04-06 18:39:11 UTC
amd64 stable
Comment 5 Jeff (JD) Horelick (RETIRED) gentoo-dev 2012-04-07 05:41:13 UTC
x86 stable
Comment 6 Markus Meier gentoo-dev 2012-04-07 16:51:52 UTC
arm stable
Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2012-04-08 14:30:33 UTC
alpha/ia64/sh/sparc stable
Comment 8 Brent Baude (RETIRED) gentoo-dev 2012-04-16 17:02:16 UTC
ppc done
Comment 9 Brent Baude (RETIRED) gentoo-dev 2012-04-17 21:33:55 UTC
ppc64 done
Comment 10 Johannes Huber (RETIRED) gentoo-dev 2012-04-17 21:44:58 UTC
Thank you all, kde is done here. Removing from cc.

+  17 Apr 2012; Johannes Huber <johu@gentoo.org>
+  -files/taglib-1.7-security.patch, -taglib-1.7-r1.ebuild:
+  Remove old wrt bug #410953.
Comment 11 Sean Amoss (RETIRED) gentoo-dev Security 2012-04-17 22:14:08 UTC
Thanks, everyone. GLSA already drafted and ready for review.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2012-06-22 16:51:22 UTC
This issue was resolved and addressed in
 GLSA 201206-16 at http://security.gentoo.org/glsa/glsa-201206-16.xml
by GLSA coordinator Sean Amoss (ackle).
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2012-09-08 15:36:38 UTC
CVE-2012-1584 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1584):
  Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib
  1.7 and earlier allows context-dependent attackers to cause a denial of
  service (application crash) via a crafted file header field in a media file,
  which triggers a large memory allocation.
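The pattern described in the quoted mail (a length read from the file used to size a later allocation with no sanity check) and in the CVE text (wrapping arithmetic in a `mid`-style slice function) can be shown side by side. The following is an added illustration, not TagLib's code and not part of this bug report: the buffer type, the simplified item layout and every function name are assumptions made for the example. `unsafeMidLength` reproduces the unchecked shape and returns the byte count a caller would go on to allocate; `safeMid` and `parseItem` show the checks that reject a hostile length before any allocation happens.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>
#include <string>
#include <utility>
#include <vector>

// Constructed illustration of the unchecked-length pattern described in the
// ticket and the CVE text. Not TagLib's code: buffer type, item layout and
// function names are assumptions made for this example.
using Bytes = std::vector<unsigned char>;

// Little-endian 32-bit read that refuses to read past the end of the buffer.
std::optional<uint32_t> readU32LE(const Bytes &data, size_t offset) {
    if (offset > data.size() || data.size() - offset < 4)
        return std::nullopt;
    return static_cast<uint32_t>(data[offset])
         | static_cast<uint32_t>(data[offset + 1]) << 8
         | static_cast<uint32_t>(data[offset + 2]) << 16
         | static_cast<uint32_t>(data[offset + 3]) << 24;
}

// Unsafe slice length, computed the way the bug describes: the end offset is
// formed first, so index + length can wrap, and the guard then runs on the
// wrapped value. Returns how many bytes a caller would allocate and copy
// (instead of copying them), so the effect is visible without a crash.
uint32_t unsafeMidLength(uint32_t size, uint32_t index, uint32_t length) {
    uint32_t end = index + length;   // wraps modulo 2^32 on overflow
    if (end > size)
        end = size;                  // guard sees the wrapped value
    return end - index;              // wraps again when end < index
}

// Hardened slice: each bound is checked before any arithmetic that could
// wrap, so a hostile length field yields nullopt instead of a huge copy.
std::optional<Bytes> safeMid(const Bytes &data, size_t index, size_t length) {
    if (index > data.size())
        return std::nullopt;         // start beyond the buffer
    if (length > data.size() - index)
        return std::nullopt;         // would run past the end (index <= size, so no wrap)
    return Bytes(data.begin() + index, data.begin() + index + length);
}

// Simplified item record (assumed layout): 4-byte LE value size, 4-byte flags,
// NUL-terminated key starting at offset 8, then the value bytes.
struct Item {
    uint32_t flags = 0;
    std::string key;
    Bytes value;
};

// Parse one item, validating every file-supplied length against the data
// actually present before it is used to size an allocation.
std::optional<Item> parseItem(const Bytes &data) {
    auto valueSize = readU32LE(data, 0);
    auto flags = readU32LE(data, 4);
    if (!valueSize || !flags)
        return std::nullopt;         // header truncated

    // Locate the key terminator without running off the end.
    size_t keyEnd = 8;
    while (keyEnd < data.size() && data[keyEnd] != 0)
        ++keyEnd;
    if (keyEnd >= data.size())
        return std::nullopt;         // no terminator: truncated or hostile

    auto value = safeMid(data, keyEnd + 1, *valueSize);
    if (!value)
        return std::nullopt;         // value size exceeds what the file holds

    Item item;
    item.flags = *flags;
    item.key.assign(data.begin() + 8, data.begin() + keyEnd);
    item.value = std::move(*value);
    return item;
}

// Constructed sample inputs for a stand-alone run.
Bytes goodItem() {
    // value size 3, flags 0, key "ab", value "xyz"
    return {3, 0, 0, 0,  0, 0, 0, 0,  'a', 'b', 0,  'x', 'y', 'z'};
}
Bytes hostileItem() {
    // value size 0xFFFFFFFF with only three bytes of value actually present
    return {0xFF, 0xFF, 0xFF, 0xFF,  0, 0, 0, 0,  'a', 'b', 0,  'x', 'y', 'z'};
}
```

With `goodItem()` the parser returns key `"ab"` and a three-byte value; with `hostileItem()` it returns nothing, whereas the unchecked variant would hand a near-4 GiB size to the allocator. The point of `safeMid` is the order of the checks: comparing `index` against `size()` first makes `size() - index` safe, and comparing `length` against that remainder avoids ever forming `index + length` on untrusted values.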