Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 410953 (CVE-2012-1584) - <media-libs/taglib-1.7.1: Integer Overflow Vulnerability (CVE-2012-1584)
Summary: <media-libs/taglib-1.7.1: Integer Overflow Vulnerability (CVE-2012-1584)
Status: RESOLVED FIXED
Alias: CVE-2012-1584
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://github.com/taglib/taglib/comm...
Whiteboard: A3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-04-05 21:02 UTC by Tim Sammut (RETIRED)
Modified: 2012-09-08 15:36 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tim Sammut (RETIRED) gentoo-dev 2012-04-05 21:02:30 UTC
An integer overflow has been found in taglib. From a mail thread at [1]:

On Sun, Mar 4, 2012 at 4:41 AM, Zubin Mithra <zubin.mithra at gmail.com> wrote:
> - Sanity checks are not performed for fields read from a media file, which
> are used to allocate memory later on. Causes DoS due to application crash at
> the very least, exploitability is unconfirmed.
>
> An example :-
> apeitem.cpp
>   APE::Item::parse(const ByteVector &data)
>     d->key = String(data.mid(8), String::UTF8);

@kde, I believe this may be fixed in 1.7.1. If it is, can we move forward and stabilize that version? Thanks.

[1] https://mail.kde.org/pipermail/taglib-devel/2012-March/002187.html
Comment 1 Johannes Huber gentoo-dev 2012-04-06 08:51:05 UTC
Yes go ahead!
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2012-04-06 15:40:41 UTC
Thanks.

Arches, please test and mark stable:
=media-libs/taglib-1.7.1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2012-04-06 16:39:23 UTC
Stable for HPPA.
Comment 4 Agostino Sarubbo gentoo-dev 2012-04-06 18:39:11 UTC
amd64 stable
Comment 5 Jeff (JD) Horelick (RETIRED) gentoo-dev 2012-04-07 05:41:13 UTC
x86 stable
Comment 6 Markus Meier gentoo-dev 2012-04-07 16:51:52 UTC
arm stable
Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2012-04-08 14:30:33 UTC
alpha/ia64/sh/sparc stable
Comment 8 Brent Baude (RETIRED) gentoo-dev 2012-04-16 17:02:16 UTC
ppc done
Comment 9 Brent Baude (RETIRED) gentoo-dev 2012-04-17 21:33:55 UTC
ppc64 done
Comment 10 Johannes Huber gentoo-dev 2012-04-17 21:44:58 UTC
Thank you all, kde is done here. Removing from cc.

+  17 Apr 2012; Johannes Huber <johu@gentoo.org>
+  -files/taglib-1.7-security.patch, -taglib-1.7-r1.ebuild:
+  Remove old wrt bug #410953.
Comment 11 Sean Amoss (RETIRED) gentoo-dev Security 2012-04-17 22:14:08 UTC
Thanks, everyone. GLSA already drafted and ready for review.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2012-06-22 16:51:22 UTC
This issue was resolved and addressed in
 GLSA 201206-16 at http://security.gentoo.org/glsa/glsa-201206-16.xml
by GLSA coordinator Sean Amoss (ackle).
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2012-09-08 15:36:38 UTC
CVE-2012-1584 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1584):
  Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib
  1.7 and earlier allows context-dependent attackers to cause a denial of
  service (application crash) via a crafted file header field in a media file,
  which triggers a large memory allocation.