CVE-2012-1108 - OpenCVE

The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Scott Wheeler	Taglib

Configuration 1 [-]

OR	cpe:2.3:a:scott_wheeler:taglib::::::::
	cpe:2.3:a:scott_wheeler:taglib:1.0:::::::*
	cpe:2.3:a:scott_wheeler:taglib:1.1:::::::*
	cpe:2.3:a:scott_wheeler:taglib:1.2:::::::*
	cpe:2.3:a:scott_wheeler:taglib:1.3:::::::*
	cpe:2.3:a:scott_wheeler:taglib:1.3.1:::::::*
	cpe:2.3:a:scott_wheeler:taglib:1.4:::::::*
	cpe:2.3:a:scott_wheeler:taglib:1.5:::::::*
	cpe:2.3:a:scott_wheeler:taglib:1.6:::::::*
	cpe:2.3:a:scott_wheeler:taglib:1.6.1:::::::*
	cpe:2.3:a:scott_wheeler:taglib:1.6.2:::::::*
	cpe:2.3:a:scott_wheeler:taglib:1.6.3:::::::*

References

Link	Resource
http://mail.kde.org/pipermail/taglib-devel/2012-March/002186.html
http://mail.kde.org/pipermail/taglib-devel/2012-March/002191.html
http://osvdb.org/79813
http://secunia.com/advisories/48211	Vendor Advisory
http://secunia.com/advisories/48792
http://secunia.com/advisories/49688	Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-201206-16.xml
http://www.openwall.com/lists/oss-security/2012/03/05/19
http://www.securityfocus.com/bid/52284
https://exchange.xforce.ibmcloud.com/vulnerabilities/73665
https://github.com/taglib/taglib/commit/b3646a07348ffa276ea41a9dae03ddc63ea6c532	Exploit Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2012-09-06T18:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2012-02-14T00:00:00

Link: CVE-2012-1108

JSON object: View

NVD Information

Status : Modified

Published: 2012-09-06T18:55:01.050

Modified: 2017-08-29T01:31:12.320

Link: CVE-2012-1108

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-03-04T00:00:00", "descriptions": [{"lang": "en", "value": "The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "49688", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/49688"}, {"name": "79813", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/79813"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/taglib/taglib/commit/b3646a07348ffa276ea41a9dae03ddc63ea6c532"}, {"name": "48792", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48792"}, {"name": "[pipermail] 20120304 multiple security vulnerabilities in taglib", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mail.kde.org/pipermail/taglib-devel/2012-March/002186.html"}, {"name": "GLSA-201206-16", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-201206-16.xml"}, {"name": "[pipermail] 20120305 multiple security vulnerabilities in taglib", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mail.kde.org/pipermail/taglib-devel/2012-March/002191.html"}, {"name": "48211", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48211"}, {"name": "taglib-parse-dos(73665)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73665"}, {"name": "52284", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/52284"}, {"name": "[oss-security] 20120305 Re: CVE-Request taglib vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/03/05/19"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1108", "datePublished": "2012-09-06T18:00:00", "dateReserved": "2012-02-14T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:scott_wheeler:taglib:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F562C2E-4011-40CD-B0D0-2A3F9DBCAB8D", "versionEndIncluding": "1.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:scott_wheeler:taglib:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C28F20C9-4939-4F4A-96A8-B44B84F20DA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:scott_wheeler:taglib:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "11625F29-9539-45ED-8C69-BE49CB3E1640", "vulnerable": true}, {"criteria": "cpe:2.3:a:scott_wheeler:taglib:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "D74F6CEA-4FEE-44CD-844A-886E5A6B2D76", "vulnerable": true}, {"criteria": "cpe:2.3:a:scott_wheeler:taglib:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A7EE066F-C257-4AE8-81ED-880F0DB35CDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:scott_wheeler:taglib:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3BEFD3D-3091-41B2-93E1-9BB5464455B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:scott_wheeler:taglib:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "403A4D45-BE2E-41DC-971E-6A83B0F44DD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:scott_wheeler:taglib:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "C64D253F-DE01-46D0-A1BD-099DF5ABC445", "vulnerable": true}, {"criteria": "cpe:2.3:a:scott_wheeler:taglib:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "062A2172-E47F-43BA-AB6C-E7CE669D2BD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:scott_wheeler:taglib:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "34AF2A82-886F-42F5-9841-ECACE1BED7C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:scott_wheeler:taglib:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "CDBC7873-2E15-44AA-8D31-10394CED96BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:scott_wheeler:taglib:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "F990984E-7F9F-4DC0-B05D-60F88F8DC947", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file."}, {"lang": "es", "value": "La funci\u00f3n de an\u00e1lisis en ogg/xiphcomment.cpp en TagLib v1.7 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un campo vendorLength dise\u00f1ado en un archivo ogg"}], "id": "CVE-2012-1108", "lastModified": "2017-08-29T01:31:12.320", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-09-06T18:55:01.050", "references": [{"source": "secalert@redhat.com", "url": "http://mail.kde.org/pipermail/taglib-devel/2012-March/002186.html"}, {"source": "secalert@redhat.com", "url": "http://mail.kde.org/pipermail/taglib-devel/2012-March/002191.html"}, {"source": "secalert@redhat.com", "url": "http://osvdb.org/79813"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/48211"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48792"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/49688"}, {"source": "secalert@redhat.com", "url": "http://www.gentoo.org/security/en/glsa/glsa-201206-16.xml"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/05/19"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/52284"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73665"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "https://github.com/taglib/taglib/commit/b3646a07348ffa276ea41a9dae03ddc63ea6c532"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}