Lucene search

PRIOn knowledge basePRION:CVE-2012-1108

HistorySep 06, 2012 - 6:55 p.m.

Design/Logic Flaw

2012-09-0618:55:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.3%

JSON

The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file.

CPENameOperatorVersion
taglibeq1.6
taglibeq1.1
taglibeq1.0
taglibeq1.6.3
taglibeq1.2
taglibeq1.6.2
taglibeq1.5
taglible1.7
taglibeq1.3
taglibeq1.6.1

Name	Operator	Version
taglib	eq	1.6
taglib	eq	1.1
taglib	eq	1.0
taglib	eq	1.6.3
taglib	eq	1.2
taglib	eq	1.6.2
taglib	eq	1.5
taglib	le	1.7
taglib	eq	1.3
taglib	eq	1.6.1

Rows per page:

1-10 of 121

References

mail.kde.org/pipermail/taglib-devel/2012-March/002186.html

mail.kde.org/pipermail/taglib-devel/2012-March/002191.html

osvdb.org/79813

secunia.com/advisories/48211

secunia.com/advisories/48792

secunia.com/advisories/49688

www.gentoo.org/security/en/glsa/glsa-201206-16.xml

www.openwall.com/lists/oss-security/2012/03/05/19

www.securityfocus.com/bid/52284

exchange.xforce.ibmcloud.com/vulnerabilities/73665

github.com/taglib/taglib/commit/b3646a07348ffa276ea41a9dae03ddc63ea6c532