CVE-2012-1108

2012-09-0618:55:01

CWE-20

[email protected]

web.nvd.nist.gov

security

vulnerability

cve-2012-1108

taglib

ogg

denial of service

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.2 Medium

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.3%

JSON

The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file.

Affected configurations

NVD

Node

scott_wheelertaglibRange≤1.7

scott_wheelertaglibMatch1.0

scott_wheelertaglibMatch1.1

scott_wheelertaglibMatch1.2

scott_wheelertaglibMatch1.3

scott_wheelertaglibMatch1.3.1

scott_wheelertaglibMatch1.4

scott_wheelertaglibMatch1.5

scott_wheelertaglibMatch1.6

scott_wheelertaglibMatch1.6.1

scott_wheelertaglibMatch1.6.2

scott_wheelertaglibMatch1.6.3

CPENameOperatorVersion
scott_wheeler:taglibscott wheeler taglible1.7
scott_wheeler:taglibscott wheeler taglibeq1.0
scott_wheeler:taglibscott wheeler taglibeq1.1
scott_wheeler:taglibscott wheeler taglibeq1.2
scott_wheeler:taglibscott wheeler taglibeq1.3
scott_wheeler:taglibscott wheeler taglibeq1.3.1
scott_wheeler:taglibscott wheeler taglibeq1.4
scott_wheeler:taglibscott wheeler taglibeq1.5
scott_wheeler:taglibscott wheeler taglibeq1.6
scott_wheeler:taglibscott wheeler taglibeq1.6.1

CPE	Name	Operator	Version
scott_wheeler:taglib	scott wheeler taglib	le	1.7
scott_wheeler:taglib	scott wheeler taglib	eq	1.0
scott_wheeler:taglib	scott wheeler taglib	eq	1.1
scott_wheeler:taglib	scott wheeler taglib	eq	1.2
scott_wheeler:taglib	scott wheeler taglib	eq	1.3
scott_wheeler:taglib	scott wheeler taglib	eq	1.3.1
scott_wheeler:taglib	scott wheeler taglib	eq	1.4
scott_wheeler:taglib	scott wheeler taglib	eq	1.5
scott_wheeler:taglib	scott wheeler taglib	eq	1.6
scott_wheeler:taglib	scott wheeler taglib	eq	1.6.1