[Secure-testing-team] Bug#871511: taglib: CVE-2017-12678
Salvatore Bonaccorso
carnil at debian.org
Tue Aug 8 18:17:19 UTC 2017
Source: taglib
Version: 1.11.1+dfsg.1-0.1
Severity: important
Tags: security patch upstream
Forwarded: https://github.com/taglib/taglib/issues/829
Hi,
the following vulnerability was published for taglib.
CVE-2017-12678[0]:
| In TagLib 1.11.1, the rebuildAggregateFrames function in
| id3v2framefactory.cpp has a pointer to cast vulnerability, which allows
| remote attackers to cause a denial of service or possibly have
| unspecified other impact via a crafted audio file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-12678
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12678
[1] https://github.com/taglib/taglib/issues/829
[2] https://github.com/taglib/taglib/pull/831/commits/eb9ded1206f18f2c319157337edea2533a40bea6#diff-37f706c8696a7c1ca939b169c0a04d97
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list