Lucene search

PRIOn knowledge basePRION:CVE-2012-1107

HistorySep 06, 2012 - 6:55 p.m.

Design/Logic Flaw

2012-09-0618:55:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.9%

JSON

The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted sampleRate in an ape file, which triggers a divide-by-zero error.

CPENameOperatorVersion
taglibeq1.6
taglibeq1.1
taglibeq1.0
taglibeq1.6.3
taglibeq1.2
taglibeq1.6.2
taglibeq1.5
taglible1.7
taglibeq1.3
taglibeq1.6.1

Name	Operator	Version
taglib	eq	1.6
taglib	eq	1.1
taglib	eq	1.0
taglib	eq	1.6.3
taglib	eq	1.2
taglib	eq	1.6.2
taglib	eq	1.5
taglib	le	1.7
taglib	eq	1.3
taglib	eq	1.6.1

Rows per page:

1-10 of 121

References

mail.kde.org/pipermail/taglib-devel/2012-March/002186.html

mail.kde.org/pipermail/taglib-devel/2012-March/002187.html

osvdb.org/79814

secunia.com/advisories/48211

secunia.com/advisories/48792

secunia.com/advisories/49688

www.gentoo.org/security/en/glsa/glsa-201206-16.xml

www.openwall.com/lists/oss-security/2012/03/05/19

www.securityfocus.com/bid/52284

exchange.xforce.ibmcloud.com/vulnerabilities/73666

github.com/taglib/taglib/commit/77d61c6eca4d08b9b025738acf6b926cc750db23