Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 05 Mar 2012 14:21:06 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Zubin Mithra <zubin.mithra@...il.com>, Dhanesh k <dhanesh1428@...il.com>
Subject: Re: CVE-Request taglib vulnerabilities

On 03/04/2012 08:57 PM, Zubin Mithra wrote:
> Hello,
> 
> 
>> On 03/04/2012 05:53 AM, Zubin Mithra wrote:
>>> Hello,
>>>
>>> Multiple bugs were found and reported in taglib, and have been patched.
>> Out
>>> of the 4 reported, 2 were patched recently while 2 only affected taglib
>>> versions upto 1.7 and not the current development head at github.The
>>> discussion at the taglib mailing list can be viewed here at [1].
>>>
>>> Kindly assign CVE's for the same.
>>>
>>> Thanks,
>>> Zubin Mithra
>>>
>>> [1] http://mail.kde.org/pipermail/taglib-devel/2012-March/002186.html
>>>
>>
>> Can you post a summary of the issues needing CVE #'s? Thanks.
>>
>>
> The issues which were present in the development head were :-
> 
> [1] A crafted ogg file with sampleRate as "0" leads to crash in the
> application using taglib.
>          fixed in the commit -
> https://github.com/taglib/taglib/commit/77d61c6eca4d08b9b025738acf6b926cc750db23

Please use CVE-2012-1107 for this issue.

> [2] "vendorLength" field modification in ogg tag parsing causes crash in
> the application using taglib.
>          fixed in the commit -
> https://github.com/taglib/taglib/commit/ab8a0ee8937256311e649a88e8ddd7c7f870ad59

Please use CVE-2012-1108 for this issue.

> The issues which are present in the latest "release" but not in the current
> development head were :-
> 
> [3] Lack of sanity checks of fields which were read, and were used for
> allocating memory; crafted files would lead of application crash.
> [4] A one bit change in a working ogg file would cause a thread to loop
> infinitely.

Note enough information to assign CVEs.

> *Please note* :-
> 
> [1] and [2] were fixed after the report, and could be assigned CVE's.
> 
> I am unsure about the other two, as they were fixed in the development
> branch, prior to our report. However, a release has not been made with the
> patches for [3] and [4] yet. Kindly assign CVE's for [3] and [4] if you see
> it fit to do so.
> 
> 
> Regards,
> Zubin Mithra
> 


-- 
Kurt Seifried Red Hat Security Response Team (SRT)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.