Date: Mon, 5 Mar 2012 09:27:43 +0530
From: Zubin Mithra <zubin.mithra@...il.com>
To: Kurt Seifried <kseifried@...hat.com>
Cc: oss-security@...ts.openwall.com, Dhanesh k <dhanesh1428@...il.com>
Subject: Re: CVE-Request taglib vulnerabilities

Hello,


> On 03/04/2012 05:53 AM, Zubin Mithra wrote:
> > Hello,
> >
> > Multiple bugs were found and reported in taglib, and have been patched. Out
> > of the 4 reported, 2 were patched recently while 2 only affected taglib
> > versions up to 1.7 and not the current development head at github. The
> > discussion at the taglib mailing list can be viewed here at [1].
> >
> > Kindly assign CVE's for the same.
> >
> > Thanks,
> > Zubin Mithra
> >
> > [1] http://mail.kde.org/pipermail/taglib-devel/2012-March/002186.html
> >
>
> Can you post a summary of the issues needing CVE #'s? Thanks.
>
>
The issues which were present in the development head were :-

[1] A crafted ogg file with sampleRate as "0" leads to crash in the
application using taglib.
         fixed in the commit -
https://github.com/taglib/taglib/commit/77d61c6eca4d08b9b025738acf6b926cc750db23
[2] "vendorLength" field modification in ogg tag parsing causes crash in
the application using taglib.
         fixed in the commit -
https://github.com/taglib/taglib/commit/ab8a0ee8937256311e649a88e8ddd7c7f870ad59


The issues which are present in the latest "release" but not in the current
development head were :-

[3] Lack of sanity checks of fields which were read, and were used for
allocating memory; crafted files would lead to application crash.
[4] A one bit change in a working ogg file would cause a thread to loop
infinitely.

*Please note* :-

[1] and [2] were fixed after the report, and could be assigned CVE's.

I am unsure about the other two, as they were fixed in the development
branch, prior to our report. However, a release has not been made with the
patches for [3] and [4] yet. Kindly assign CVE's for [3] and [4] if you see
fit to do so.


Regards,
Zubin Mithra
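
An added example (not part of the original message, and not taglib's code) of the kind of sanity checks issues [1] to [3] call for: a length field read from the file is compared with the bytes actually present before it sizes a copy, and a zero sample rate is rejected before it is used as a divisor. The function names and the use of the sample rate as a divisor are assumptions (the message does not say how the crashes arise), and the sample bytes are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Read a 32-bit little-endian integer without reading past the buffer end.
static bool readLE32(const std::vector<uint8_t>& buf, size_t pos, uint32_t& out) {
    if (pos > buf.size() || buf.size() - pos < 4) return false;
    out = uint32_t(buf[pos]) | (uint32_t(buf[pos + 1]) << 8) |
          (uint32_t(buf[pos + 2]) << 16) | (uint32_t(buf[pos + 3]) << 24);
    return true;
}

// Vorbis comment block starts with [vendor_length: u32 LE][vendor string].
// vendor_length comes from the file, so it is untrusted input.
bool parseVendor(const std::vector<uint8_t>& data, std::string& vendor) {
    uint32_t len = 0;
    if (!readLE32(data, 0, len)) return false;
    // Reject a declared length larger than what the block really contains,
    // before it is used to allocate or copy anything.
    if (len > data.size() - 4) return false;
    vendor.assign(data.begin() + 4, data.begin() + 4 + len);
    return true;
}

// Duration in seconds from granule positions (hypothetical helper).
// A sample rate of 0 from a crafted header yields 0 instead of a
// division by zero; a reversed granule range is treated the same way.
uint64_t durationSeconds(uint64_t first, uint64_t last, uint32_t sampleRate) {
    if (sampleRate == 0 || last < first) return 0;
    return (last - first) / sampleRate;
}

int main() {
    // Constructed inputs: one well-formed block, one with an inflated length.
    std::vector<uint8_t> good = {3, 0, 0, 0, 'a', 'b', 'c'};
    std::vector<uint8_t> bad = {0xff, 0xff, 0xff, 0x7f, 'a'};
    std::string v;
    std::printf("good: %d\n", parseVendor(good, v) ? 1 : 0);
    std::printf("bad: %d\n", parseVendor(bad, v) ? 1 : 0);
    std::printf("rate 0: %llu\n",
                (unsigned long long)durationSeconds(0, 88200, 0));
    return 0;
}
```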
