Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 05 Mar 2012 14:21:06 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Zubin Mithra <zubin.mithra@...il.com>, Dhanesh k <dhanesh1428@...il.com>
Subject: Re: CVE-Request taglib vulnerabilities

On 03/04/2012 08:57 PM, Zubin Mithra wrote:
> Hello,
> 
> 
>> On 03/04/2012 05:53 AM, Zubin Mithra wrote:
>>> Hello,
>>>
>>> Multiple bugs were found and reported in taglib, and have been patched.
>> Out
>>> of the 4 reported, 2 were patched recently while 2 only affected taglib
>>> versions upto 1.7 and not the current development head at github.The
>>> discussion at the taglib mailing list can be viewed here at [1].
>>>
>>> Kindly assign CVE's for the same.
>>>
>>> Thanks,
>>> Zubin Mithra
>>>
>>> [1] http://mail.kde.org/pipermail/taglib-devel/2012-March/002186.html
>>>
>>
>> Can you post a summary of the issues needing CVE #'s? Thanks.
>>
>>
> The issues which were present in the development head were :-
> 
> [1] A crafted ogg file with sampleRate as "0" leads to crash in the
> application using taglib.
>          fixed in the commit -
> https://github.com/taglib/taglib/commit/77d61c6eca4d08b9b025738acf6b926cc750db23

Please use CVE-2012-1107 for this issue.

> [2] "vendorLength" field modification in ogg tag parsing causes crash in
> the application using taglib.
>          fixed in the commit -
> https://github.com/taglib/taglib/commit/ab8a0ee8937256311e649a88e8ddd7c7f870ad59

Please use CVE-2012-1108 for this issue.

> The issues which are present in the latest "release" but not in the current
> development head were :-
> 
> [3] Lack of sanity checks of fields which were read, and were used for
> allocating memory; crafted files would lead of application crash.
> [4] A one bit change in a working ogg file would cause a thread to loop
> infinitely.

Note enough information to assign CVEs.

> *Please note* :-
> 
> [1] and [2] were fixed after the report, and could be assigned CVE's.
> 
> I am unsure about the other two, as they were fixed in the development
> branch, prior to our report. However, a release has not been made with the
> patches for [3] and [4] yet. Kindly assign CVE's for [3] and [4] if you see
> it fit to do so.
> 
> 
> Regards,
> Zubin Mithra
> 


-- 
Kurt Seifried Red Hat Security Response Team (SRT)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.