Lucene search

PRIOn knowledge basePRION:CVE-2012-1584

HistorySep 06, 2012 - 6:55 p.m.

Integer overflow

2012-09-0618:55:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.7%

JSON

Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted file header field in a media file, which triggers a large memory allocation.

CPENameOperatorVersion
taglibeq1.6
taglibeq1.1
taglibeq1.0
taglibeq1.6.3
taglibeq1.2
taglibeq1.6.2
taglibeq1.5
taglible1.7
taglibeq1.3
taglibeq1.6.1

Name	Operator	Version
taglib	eq	1.6
taglib	eq	1.1
taglib	eq	1.0
taglib	eq	1.6.3
taglib	eq	1.2
taglib	eq	1.6.2
taglib	eq	1.5
taglib	le	1.7
taglib	eq	1.3
taglib	eq	1.6.1

Rows per page:

1-10 of 121

References

mail.kde.org/pipermail/taglib-devel/2012-March/002186.html

mail.kde.org/pipermail/taglib-devel/2012-March/002191.html

secunia.com/advisories/48211

secunia.com/advisories/48792

secunia.com/advisories/49688

www.gentoo.org/security/en/glsa/glsa-201206-16.xml

www.openwall.com/lists/oss-security/2012/03/05/19

www.openwall.com/lists/oss-security/2012/03/21/11

www.openwall.com/lists/oss-security/2012/03/26/4

www.securityfocus.com/bid/52290

exchange.xforce.ibmcloud.com/vulnerabilities/78909

github.com/taglib/taglib/commit/dcdf4fd954e3213c355746fa15b7480461972308