Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 5 Mar 2012 09:27:43 +0530
From: Zubin Mithra <>
To: Kurt Seifried <>
Cc:, Dhanesh k <>
Subject: Re: CVE-Request taglib vulnerabilities


> On 03/04/2012 05:53 AM, Zubin Mithra wrote:
> > Hello,
> >
> > Multiple bugs were found and reported in taglib, and have been patched.
> Out
> > of the 4 reported, 2 were patched recently while 2 only affected taglib
> > versions upto 1.7 and not the current development head at github.The
> > discussion at the taglib mailing list can be viewed here at [1].
> >
> > Kindly assign CVE's for the same.
> >
> > Thanks,
> > Zubin Mithra
> >
> > [1]
> >
> Can you post a summary of the issues needing CVE #'s? Thanks.
The issues which were present in the development head were :-

[1] A crafted ogg file with sampleRate as "0" leads to crash in the
application using taglib.
         fixed in the commit -
[2] "vendorLength" field modification in ogg tag parsing causes crash in
the application using taglib.
         fixed in the commit -

The issues which are present in the latest "release" but not in the current
development head were :-

[3] Lack of sanity checks of fields which were read, and were used for
allocating memory; crafted files would lead of application crash.
[4] A one bit change in a working ogg file would cause a thread to loop

*Please note* :-

[1] and [2] were fixed after the report, and could be assigned CVE's.

I am unsure about the other two, as they were fixed in the development
branch, prior to our report. However, a release has not been made with the
patches for [3] and [4] yet. Kindly assign CVE's for [3] and [4] if you see
it fit to do so.

Zubin Mithra

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.