Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 407673 - <media-libs/taglib-1.7-r1: Multiple Vulnerabilities Due to Improper Sanity Checks (CVE-2012-{1107,1108})
Summary: <media-libs/taglib-1.7-r1: Multiple Vulnerabilities Due to Improper Sanity Ch...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: http://mail.kde.org/pipermail/taglib-...
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-03-10 12:58 UTC by Michael Harrison
Modified: 2012-09-08 15:35 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Harrison 2012-03-10 12:58:50 UTC
CVE-2012-1107
[1] A crafted ogg file with sampleRate as "0" leads to crash in the
application using taglib.

Upstream Commit:
https://github.com/taglib/taglib/commit/77d61c6eca4d08b9b025738acf6b926cc750db23

CVE-2012-1108
[2] "vendorLength" field modification in ogg tag parsing causes crash in
the application using taglib.

Upstream Commit:
https://github.com/taglib/taglib/commit/ab8a0ee8937256311e649a88e8ddd7c7f870ad59

References:
http://secunia.com/advisories/48211/
Comment 1 Samuli Suominen gentoo-dev 2012-03-10 13:13:29 UTC
taglib-1.7-r1 in Portage with the two commits backported
Comment 2 Samuli Suominen gentoo-dev 2012-03-10 13:14:42 UTC
Arch's, test and stabilize:

=media-libs/taglib-1.7-r1 "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"
Comment 3 Brent Baude (RETIRED) gentoo-dev 2012-03-10 17:08:05 UTC
ppc done
Comment 4 Jeff (JD) Horelick (RETIRED) gentoo-dev 2012-03-10 22:14:23 UTC
x86 stable
Comment 5 Brent Baude (RETIRED) gentoo-dev 2012-03-11 13:51:13 UTC
ppc64 done
Comment 6 Agostino Sarubbo gentoo-dev 2012-03-11 15:41:33 UTC
amd64 stable
Comment 7 Jeroen Roovers gentoo-dev 2012-03-13 11:41:47 UTC
Stable for HPPA.
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2012-03-17 17:34:26 UTC
alpha/arm/ia64/sh/sparc stable
Comment 9 Sean Amoss (RETIRED) gentoo-dev Security 2012-03-17 22:19:52 UTC
Thanks, everyone.

GLSA vote: yes.
Comment 10 Tim Sammut (RETIRED) gentoo-dev 2012-03-19 05:36:21 UTC
GLSA Vote: no.
Comment 11 Andreas K. Hüttel gentoo-dev 2012-03-25 20:02:38 UTC
Vulnerable version removed from the tree. Thanks everyone.
Comment 12 Sean Amoss (RETIRED) gentoo-dev Security 2012-04-06 16:22:53 UTC
Added to GLSA request with bug 410953.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2012-06-22 16:51:18 UTC
This issue was resolved and addressed in
 GLSA 201206-16 at http://security.gentoo.org/glsa/glsa-201206-16.xml
by GLSA coordinator Sean Amoss (ackle).
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2012-09-08 15:35:46 UTC
CVE-2012-1108 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1108):
  The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows
  remote attackers to cause a denial of service (crash) via a crafted
  vendorLength field in an ogg file.

CVE-2012-1107 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1107):
  The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and
  earlier allows context-dependent attackers to cause a denial of service
  (application crash) via a crafted sampleRate in an ape file, which triggers
  a divide-by-zero error.