Message-ID: <CAA5xPpneaHPNVa-EXN17Bdb3CtGzFCz_prYmXj3dD=qH663RCA@mail.gmail.com>
Date: Mon, 5 Mar 2012 09:27:43 +0530
From: Zubin Mithra <zubin.mithra@...il.com>
To: Kurt Seifried <kseifried@...hat.com>
Cc: oss-security@...ts.openwall.com, Dhanesh k <dhanesh1428@...il.com>
Subject: Re: CVE-Request taglib vulnerabilities

Hello,

> On 03/04/2012 05:53 AM, Zubin Mithra wrote:
> > Hello,
> >
> > Multiple bugs were found and reported in taglib, and have been patched. Out
> > of the 4 reported, 2 were patched recently while 2 only affected taglib
> > versions up to 1.7 and not the current development head at github. The
> > discussion at the taglib mailing list can be viewed here at [1].
> >
> > Kindly assign CVE's for the same.
> >
> > Thanks,
> > Zubin Mithra
> >
> > [1] http://mail.kde.org/pipermail/taglib-devel/2012-March/002186.html
> >
>
> Can you post a summary of the issues needing CVE #'s? Thanks.
>

The issues which were present in the development head were :-

[1] A crafted ogg file with sampleRate as "0" leads to crash in the
application using taglib.
fixed in the commit -
https://github.com/taglib/taglib/commit/77d61c6eca4d08b9b025738acf6b926cc750db23

[2] "vendorLength" field modification in ogg tag parsing causes crash in the
application using taglib.
fixed in the commit -
https://github.com/taglib/taglib/commit/ab8a0ee8937256311e649a88e8ddd7c7f870ad59

The issues which are present in the latest "release" but not in the current
development head were :-

[3] Lack of sanity checks of fields which were read, and were used for
allocating memory; crafted files would lead to application crash.

[4] A one bit change in a working ogg file would cause a thread to loop
infinitely.

*Please note* :- [1] and [2] were fixed after the report, and could be
assigned CVE's. I am unsure about the other two, as they were fixed in the
development branch, prior to our report. However, a release has not been made
with the patches for [3] and [4] yet.

Kindly assign CVE's for [3] and [4] if you see it fit to do so.

Regards,
Zubin Mithra
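
Issue [2] in the message above concerns the vendorLength field, and issue [3] concerns fields that were read and used for allocation without sanity checks. The following is an added example, not TagLib's code and not part of the original message: it parses a Vorbis comment block and validates every length against the bytes remaining before allocating. `Reader`, `VorbisComments` and `parseVorbisComments` are hypothetical names.

```cpp
// Added example, not TagLib code. Layout parsed: u32le vendorLength, vendor,
// u32le count, then count x {u32le length, data} (Vorbis comment block).
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

struct VorbisComments {
    std::string vendor;
    std::vector<std::string> comments;
};

// Hypothetical helper: cursor over untrusted bytes that never reads past the end.
class Reader {
    const uint8_t *p_;
    size_t left_;
public:
    Reader(const uint8_t *data, size_t size) : p_(data), left_(size) {}
    size_t left() const { return left_; }
    bool u32le(uint32_t &out) {
        if (left_ < 4) return false;
        out = uint32_t(p_[0]) | uint32_t(p_[1]) << 8 |
              uint32_t(p_[2]) << 16 | uint32_t(p_[3]) << 24;
        p_ += 4; left_ -= 4;
        return true;
    }
    // The length is checked against the bytes remaining before any allocation.
    bool bytes(uint32_t len, std::string &out) {
        if (len > left_) return false;
        out.assign(reinterpret_cast<const char *>(p_), len);
        p_ += len; left_ -= len;
        return true;
    }
};

bool parseVorbisComments(const uint8_t *data, size_t size, VorbisComments &out) {
    Reader r(data, size);
    uint32_t vendorLength = 0, count = 0;
    if (!r.u32le(vendorLength) || !r.bytes(vendorLength, out.vendor)) return false;
    // Every comment needs a 4-byte length, so count is bounded by the input size.
    if (!r.u32le(count) || count > r.left() / 4) return false;
    for (uint32_t i = 0; i < count; ++i) {
        uint32_t len = 0;
        std::string s;
        if (!r.u32le(len) || !r.bytes(len, s)) return false;
        out.comments.push_back(s);
    }
    return true;
}
```

A caller treats a `false` return as a malformed file and skips the tag rather than using the partially filled `VorbisComments`.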