Date: Mon, 05 Mar 2012 14:21:06 -0700 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com CC: Zubin Mithra <zubin.mithra@...il.com>, Dhanesh k <dhanesh1428@...il.com> Subject: Re: CVE-Request taglib vulnerabilities On 03/04/2012 08:57 PM, Zubin Mithra wrote: > Hello, > > >> On 03/04/2012 05:53 AM, Zubin Mithra wrote: >>> Hello, >>> >>> Multiple bugs were found and reported in taglib, and have been patched. >> Out >>> of the 4 reported, 2 were patched recently while 2 only affected taglib >>> versions upto 1.7 and not the current development head at github.The >>> discussion at the taglib mailing list can be viewed here at . >>> >>> Kindly assign CVE's for the same. >>> >>> Thanks, >>> Zubin Mithra >>> >>>  http://mail.kde.org/pipermail/taglib-devel/2012-March/002186.html >>> >> >> Can you post a summary of the issues needing CVE #'s? Thanks. >> >> > The issues which were present in the development head were :- > >  A crafted ogg file with sampleRate as "0" leads to crash in the > application using taglib. > fixed in the commit - > https://github.com/taglib/taglib/commit/77d61c6eca4d08b9b025738acf6b926cc750db23 Please use CVE-2012-1107 for this issue. >  "vendorLength" field modification in ogg tag parsing causes crash in > the application using taglib. > fixed in the commit - > https://github.com/taglib/taglib/commit/ab8a0ee8937256311e649a88e8ddd7c7f870ad59 Please use CVE-2012-1108 for this issue. > The issues which are present in the latest "release" but not in the current > development head were :- > >  Lack of sanity checks of fields which were read, and were used for > allocating memory; crafted files would lead of application crash. >  A one bit change in a working ogg file would cause a thread to loop > infinitely. Note enough information to assign CVEs. > *Please note* :- > >  and  were fixed after the report, and could be assigned CVE's. > > I am unsure about the other two, as they were fixed in the development > branch, prior to our report. However, a release has not been made with the > patches for  and  yet. Kindly assign CVE's for  and  if you see > it fit to do so. > > > Regards, > Zubin Mithra > -- Kurt Seifried Red Hat Security Response Team (SRT)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ