4.3

CVE-2012-1584

Exploit
Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted file header field in a media file, which triggers a large memory allocation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Scott WheelerTaglib Version <= 1.7
Scott WheelerTaglib Version1.0
Scott WheelerTaglib Version1.1
Scott WheelerTaglib Version1.2
Scott WheelerTaglib Version1.3
Scott WheelerTaglib Version1.3.1
Scott WheelerTaglib Version1.4
Scott WheelerTaglib Version1.5
Scott WheelerTaglib Version1.6
Scott WheelerTaglib Version1.6.1
Scott WheelerTaglib Version1.6.2
Scott WheelerTaglib Version1.6.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.65% 0.836
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://mail.kde.org/pipermail/taglib-devel/2012-March/002186.html
http://secunia.com/advisories/48211
Vendor Advisory
http://secunia.com/advisories/48792
http://secunia.com/advisories/49688
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-201206-16.xml
http://www.openwall.com/lists/oss-security/2012/03/05/19
http://mail.kde.org/pipermail/taglib-devel/2012-March/002191.html
http://www.openwall.com/lists/oss-security/2012/03/21/11
http://www.openwall.com/lists/oss-security/2012/03/26/4
http://www.securityfocus.com/bid/52290
https://exchange.xforce.ibmcloud.com/vulnerabilities/78909
https://github.com/taglib/taglib/commit/dcdf4fd954e3213c355746fa15b7480461972308
Patch
Exploit