A crafted ogg file with sampleRate as "0" leads to crash in the
application using taglib.
"vendorLength" field modification in ogg tag parsing causes crash in
the application using taglib.
taglib-1.7-r1 in Portage with the two commits backported
Arches, test and stabilize:
=media-libs/taglib-1.7-r1 "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"
Stable for HPPA.
GLSA vote: yes.
GLSA Vote: no.
Vulnerable version removed from the tree. Thanks everyone.
Added to GLSA request with bug 410953.
This issue was resolved and addressed in
GLSA 201206-16 at http://security.gentoo.org/glsa/glsa-201206-16.xml
by GLSA coordinator Sean Amoss (ackle).
The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows
remote attackers to cause a denial of service (crash) via a crafted
vendorLength field in an ogg file.
The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and
earlier allows context-dependent attackers to cause a denial of service
(application crash) via a crafted sampleRate in an ape file, which triggers
a divide-by-zero error.
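
The two checks these descriptions call for, as an added example that is not TagLib's code or the upstream patch: a Vorbis comment parser that rejects any declared length larger than the bytes remaining, and a duration calculation that does not divide by a zero sampleRate. All names are hypothetical, the sample buffer is constructed, and `lengthSeconds` is a simplified stand-in for the real duration arithmetic.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>
typedef std::vector<uint8_t> Bytes;
struct XiphComment { std::string vendor; std::vector<std::string> fields; };

// Read a 32-bit little-endian value; fails if fewer than 4 bytes remain.
static bool readLE32(const Bytes& d, size_t& pos, uint32_t& out) {
    if (d.size() - pos < 4) return false;           // pos <= d.size() always holds here
    out = uint32_t(d[pos]) | uint32_t(d[pos + 1]) << 8 |
          uint32_t(d[pos + 2]) << 16 | uint32_t(d[pos + 3]) << 24;
    pos += 4;
    return true;
}

// Read a length-prefixed string, rejecting a length larger than the bytes left.
static bool readString(const Bytes& d, size_t& pos, std::string& out) {
    uint32_t len = 0;
    if (!readLE32(d, pos, len)) return false;
    if (len > d.size() - pos) return false;         // e.g. a crafted vendorLength
    out.assign(reinterpret_cast<const char*>(d.data()) + pos, len);
    pos += len;
    return true;
}

// Vorbis comment layout: vendorLength, vendor, fieldCount, then (length, field)*.
bool parseXiphComment(const Bytes& d, XiphComment& c) {
    size_t pos = 0;
    uint32_t count = 0;
    if (!readString(d, pos, c.vendor) || !readLE32(d, pos, count)) return false;
    if (count > (d.size() - pos) / 4) return false; // every field needs >= 4 bytes
    for (uint32_t i = 0; i < count; ++i) {
        std::string field;
        if (!readString(d, pos, field)) return false;
        c.fields.push_back(field);
    }
    return true;
}

// Stream length in seconds; a declared sampleRate of 0 yields 0, not a division.
uint32_t lengthSeconds(uint32_t totalFrames, uint32_t sampleRate) {
    return sampleRate > 0 ? totalFrames / sampleRate : 0;
}
// Constructed sample: vendor "ab", one field "A=b".
Bytes sampleValid() {
    const uint8_t raw[] = {2,0,0,0,'a','b', 1,0,0,0, 3,0,0,0,'A','=','b'};
    return Bytes(raw, raw + sizeof raw);
}
```

On a rejected buffer the output struct may be partially filled, so callers should discard it when the parser returns false.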