Vulnerability Name:

CVE-2012-1108 (CCN-73665)

Assigned: 2012-03-04
Published: 2012-03-04
Updated: 2017-08-29
Summary: The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-20
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2012-1108

Source: CCN
Type: TagLib Web page
TagLib

Source: CCN
Type: kde mailing list, Sun Mar 4 03:41:20 UTC 2012
multiple security vulnerabilities in taglib

Source: MLIST
Type: UNKNOWN
[pipermail] 20120304 multiple security vulnerabilities in taglib

Source: MLIST
Type: UNKNOWN
[pipermail] 20120305 multiple security vulnerabilities in taglib

Source: OSVDB
Type: UNKNOWN
79813

Source: CCN
Type: SA48211
TagLib Multiple Denial of Service Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
48211

Source: SECUNIA
Type: UNKNOWN
48792

Source: SECUNIA
Type: Vendor Advisory
49688

Source: GENTOO
Type: UNKNOWN
GLSA-201206-16

Source: MLIST
Type: UNKNOWN
[oss-security] 20120305 Re: CVE-Request taglib vulnerabilities

Source: CCN
Type: OSVDB ID: 79813
TagLib ogg/xiphcomment.cpp parse() Function OGG File Handling Remote DoS

Source: BID
Type: UNKNOWN
52284

Source: CCN
Type: BID-52284
taglib Buffer Overflow and Divide-By-Zero Denial of Service Vulnerabilities

Source: CCN
Type: BID-52290
taglib Memory Corruption and Infinite Loop Denial Of Service Vulnerabilities

Source: XF
Type: UNKNOWN
taglib-parse-dos(73665)

Source: CCN
Type: TagLib GIT Repository
TagLib

Source: CONFIRM
Type: Exploit, Patch
https://github.com/taglib/taglib/commit/b3646a07348ffa276ea41a9dae03ddc63ea6c532

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:scott_wheeler:taglib:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:scott_wheeler:taglib:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:scott_wheeler:taglib:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:scott_wheeler:taglib:1.3:*:*:*:*:*:*:*
  • OR cpe:/a:scott_wheeler:taglib:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:scott_wheeler:taglib:1.4:*:*:*:*:*:*:*
  • OR cpe:/a:scott_wheeler:taglib:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:scott_wheeler:taglib:1.6:*:*:*:*:*:*:*
  • OR cpe:/a:scott_wheeler:taglib:1.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:scott_wheeler:taglib:1.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:scott_wheeler:taglib:1.6.3:*:*:*:*:*:*:*
  • OR cpe:/a:scott_wheeler:taglib:*:*:*:*:*:*:*:* (Version <= 1.7)

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20121108
    V
    CVE-2012-1108
    2022-05-20
    oval:org.opensuse.security:def:32286
    P
    Security update for MozillaFirefox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:26223
    P
    Security update for net-snmp (Important)
    2022-01-05
    oval:org.opensuse.security:def:32227
    P
    Security update for java-1_8_0-openjdk (Important)
    2021-11-23
    oval:org.opensuse.security:def:32225
    P
    Security update for postgresql10 (Important)
    2021-11-22
    oval:org.opensuse.security:def:30270
    P
    Security update for postgresql10 (Important)
    2021-11-22
    oval:org.opensuse.security:def:26170
    P
    Security update for postgresql12 (Important)
    2021-11-22
    oval:org.opensuse.security:def:26141
    P
    Security update for webkit2gtk3 (Important)
    2021-10-06
    oval:org.opensuse.security:def:29428
    P
    Security update for python-urllib3 (Moderate)
    2021-09-29
    oval:org.opensuse.security:def:26134
    P
    Security update for the Linux Kernel (Important)
    2021-09-23
    oval:org.opensuse.security:def:33007
    P
    Security update for curl (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:26123
    P
    Security update for openssl-1_0_0 (Low)
    2021-09-09
    oval:org.opensuse.security:def:32176
    P
    Security update for aspell (Important)
    2021-08-25
    oval:org.opensuse.security:def:32968
    P
    Security update for linuxptp (Important)
    2021-07-21
    oval:org.opensuse.security:def:32140
    P
    Security update for MozillaFirefox (Important)
    2021-07-16
    oval:org.opensuse.security:def:36307
    P
    taglib-1.5-19.23.4 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:32937
    P
    Security update for MozillaFirefox (Important)
    2021-06-08
    oval:org.opensuse.security:def:36573
    P
    taglib-devel-1.5-19.23.4 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:42714
    P
    taglib-1.5-19.23.4 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:26060
    P
    Security update for postgresql13 (Moderate)
    2021-05-27
    oval:org.opensuse.security:def:32083
    P
    Security update for libnettle (Important)
    2021-04-28
    oval:org.opensuse.security:def:33637
    P
    Security update for sudo (Important)
    2021-04-20
    oval:org.opensuse.security:def:29482
    P
    Security update for wpa_supplicant (Important)
    2021-03-09
    oval:org.opensuse.security:def:32264
    P
    Security update for perl-XML-Twig (Moderate)
    2021-03-01
    oval:org.opensuse.security:def:26198
    P
    Security update for avahi (Moderate)
    2021-02-23
    oval:org.opensuse.security:def:31728
    P
    Security update for jasper (Important)
    2021-02-16
    oval:org.opensuse.security:def:33072
    P
    Security update for openvswitch (Important)
    2021-02-12
    oval:org.opensuse.security:def:26122
    P
    Security update for python-urllib3 (Moderate)
    2021-02-03
    oval:org.opensuse.security:def:33681
    P
    Security update for postgresql, postgresql12, postgresql13 (Important)
    2021-01-26
    oval:org.opensuse.security:def:32120
    P
    Security update for ImageMagick (Important)
    2021-01-22
    oval:org.opensuse.security:def:28917
    P
    Security update for dovecot22 (Important)
    2021-01-04
    oval:org.opensuse.security:def:42451
    P
    taglib-1.5-19.23.4 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:36044
    P
    taglib-1.5-19.23.4 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:34319
    P
    Security update for python-setuptools (Important)
    2020-12-02
    oval:org.opensuse.security:def:26019
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:33167
    P
    libnewt0_52 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27305
    P
    taglib on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27270
    P
    powerpc-utils on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26632
    P
    puppet on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32858
    P
    fetchmail on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31964
    P
    Security update for icu (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26588
    P
    libicu-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32847
    P
    dbus-1-glib on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31877
    P
    Security update for dhcp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26574
    P
    krb5 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33270
    P
    taglib on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32846
    P
    dbus-1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29134
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:26535
    P
    cyrus-imapd on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33231
    P
    perl-libwww-perl on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29048
    P
    Security update for apache2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:26486
    P
    Security update for pdns-recursor (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32593
    P
    perl-HTML-Parser on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26433
    P
    Security update for MozillaThunderbird (Critical)
    2020-12-01
    oval:org.opensuse.security:def:32549
    P
    libdrm on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28848
    P
    Security update for wpa_supplicant (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26282
    P
    Security update for libproxy (Important)
    2020-12-01
    oval:org.opensuse.security:def:32527
    P
    gtk2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28837
    P
    Security update for telepathy-idle
    2020-12-01
    oval:org.opensuse.security:def:25935
    P
    Security update for libcares2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32488
    P
    apache2-mod_perl on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27571
    P
    taglib-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:28836
    P
    Security update for tcpdump
    2020-12-01
    oval:org.opensuse.security:def:25878
    P
    Security update for libqt4 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32439
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:27536
    P
    php53-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25797
    P
    Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:32383
    P
    Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26898
    P
    freetype2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25669
    P
    Security update for gcc10 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26854
    P
    NetworkManager-gnome on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25605
    P
    Security update for MozillaFirefox (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26840
    P
    wireshark on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:34359
    P
    Security update for taglib
    2020-12-01
    oval:org.opensuse.security:def:25594
    P
    Security update for targetcli-fb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31820
    P
    Security update for augeas (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26801
    P
    pcsc-ccid on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25593
    P
    Security update for openvpn (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26752
    P
    libmusicbrainz4 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31596
    P
    Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26699
    P
    freeradius-server on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31522
    P
    Security update for rsync (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26548
    P
    freetype2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33613
    P
    Security update for xorg-x11-server (Important)
    2020-12-01
    oval:org.opensuse.security:def:31511
    P
    Security update for python27-urllib3, python27-boto3, python27-botocore, python27-s3transfer (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26464
    P
    Security update for enigmail (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33574
    P
    Security update for LibVNCServer (Important)
    2020-12-01
    oval:org.opensuse.security:def:30307
    P
    Security update for taglib
    2020-12-01
    oval:org.opensuse.security:def:31510
    P
    Security update for libX11 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33525
    P
    Security update for tgt
    2020-12-01
    oval:org.opensuse.security:def:33468
    P
    Security update for Linux kernel
    2020-12-01
    oval:org.opensuse.security:def:29632
    P
    Security update for clamav (Important)
    2020-12-01
    oval:org.opensuse.security:def:25932
    P
    Security update for gstreamer-plugins-base (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33311
    P
    libopenssl1-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29588
    P
    Security update for php5
    2020-12-01
    oval:org.opensuse.security:def:25868
    P
    Security update for pcre (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33224
    P
    pam_mount on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29570
    P
    Security update for SuSEfirewall2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25857
    P
    Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:29531
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:27042
    P
    taglib on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25856
    P
    Security update for gd (Important)
    2020-12-01
    oval:org.opensuse.security:def:31991
    P
    Security update for java-1_7_1-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:27007
    P
    pam_mount on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31859
    P
    Security update for curl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26369
    P
    Security update for Chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:31785
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:29275
    P
    Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:26325
    P
    Security update for Chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:31774
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:29191
    P
    Security update for ntp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26311
    P
    Security update for openstack-nova and openstack-neutron (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31773
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:26407
    P
    Security update for libmad (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26272
    P
    Security update for openexr (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26326
    P
    Security update for MozillaThunderbird (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32330
    P
    Security update for samba (Important)
    2020-12-01
    oval:com.ubuntu.precise:def:20121108000
    V
    CVE-2012-1108 on Ubuntu 12.04 LTS (precise) - low.
    2012-09-06
    oval:com.ubuntu.xenial:def:201211080000000
    V
    CVE-2012-1108 on Ubuntu 16.04 LTS (xenial) - low.
    2012-09-06
    oval:com.ubuntu.trusty:def:20121108000
    V
    CVE-2012-1108 on Ubuntu 14.04 LTS (trusty) - low.
    2012-09-06
    oval:com.ubuntu.xenial:def:20121108000
    V
    CVE-2012-1108 on Ubuntu 16.04 LTS (xenial) - low.
    2012-09-06
    scott_wheeler taglib 1.0
    scott_wheeler taglib 1.1
    scott_wheeler taglib 1.2
    scott_wheeler taglib 1.3
    scott_wheeler taglib 1.3.1
    scott_wheeler taglib 1.4
    scott_wheeler taglib 1.5
    scott_wheeler taglib 1.6
    scott_wheeler taglib 1.6.1
    scott_wheeler taglib 1.6.2
    scott_wheeler taglib 1.6.3
    scott_wheeler taglib *