Vulnerability CVE-2017-12678

Vulnerability Name:

CVE-2017-12678 (CCN-130069)

Assigned:

2017-08-07

Published:

2017-08-07

Updated:

2021-10-18

Summary:

In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file.

CVSS v3 Severity:

8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
4.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-434

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2017-12678

Source: XF
Type: UNKNOWN
taglib-cve201712678-dos(130069)

Source: CONFIRM
Type: Patch, Vendor Advisory
https://github.com/taglib/taglib/commit/cb9f07d9dcd791b63e622da43f7b232adaec0a9a

Source: CONFIRM
Type: Issue Tracking, Patch, Vendor Advisory
https://github.com/taglib/taglib/issues/829

Source: CCN
Type: TagLib GIT Repository
Don't assume TDRC is an instance of TextIdentificationFrame #831

Source: CONFIRM
Type: Patch, Vendor Advisory
https://github.com/taglib/taglib/pull/831

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20210930 [SECURITY] [DLA 2772-1] taglib security update

Vulnerable Configuration:

Configuration 1:

cpe:/a:taglib:taglib:1.11.1:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:taglib:taglib:1.11.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:201712678	V	CVE-2017-12678	2023-06-22
oval:org.opensuse.security:def:7679	P	libtag1-1.11.1-4.9.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7967	P	libtag-devel-1.11.1-4.9.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:802	P	Security update for squid (Important)	2022-10-06
oval:org.opensuse.security:def:801	P	Security update for cifs-utils (Moderate)	2022-10-05
oval:org.opensuse.security:def:691	P	Security update for sssd (Moderate)	2022-08-10
oval:org.opensuse.security:def:3344	P	python-numpy-1.8.0-5.8.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3087	P	gnutls-3.3.27-3.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94717	P	libtag1-1.11.1-4.9.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94974	P	libtag-devel-1.11.1-4.9.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:207	P	libtag1-1.11.1-4.9.1 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:202	P	libspice-client-glib-2_0-8-0.38-1.59 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:1383	P	Security update for the Linux Kernel (Live Patch 18 for SLE 15 SP3) (Important)	2022-06-06
oval:org.opensuse.security:def:491	P	Security update for libxml2 (Important)	2022-05-19
oval:org.opensuse.security:def:112867	P	libtag-devel-1.12-1.3 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:49468	P	Security update for nodejs14 (Moderate) (in QA)	2022-01-14
oval:org.opensuse.security:def:70015	P	Security update for apache2 (Important) (in QA)	2022-01-10
oval:org.opensuse.security:def:1138	P	Security update for go1.17 (Moderate)	2021-12-01
oval:org.opensuse.security:def:1494	P	Security update for postgresql13 (Important)	2021-11-22
oval:org.opensuse.security:def:1136	P	Security update for the Linux Kernel (Important)	2021-11-11
oval:org.opensuse.security:def:64589	P	Security update for glibc (Moderate)	2021-10-12
oval:org.opensuse.security:def:106327	P	libtag-devel-1.12-1.3 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:96700	P	libtag1-1.11.1-2.50 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:61580	P	libtag1-1.11.1-2.50 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:103390	P	libtag1-1.11.1-2.50 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:89735	P	libtag1-1.11.1-2.50 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:71176	P	emacs-25.3-3.3.18 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:71289	P	libopenjp2-7-2.3.0-1.25 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:71321	P	libtag1-1.11.1-2.50 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:49188	P	Security update for compat-openssl098 (Low)	2021-09-13
oval:org.opensuse.security:def:1027	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:1257	P	Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP3) (Important)	2021-08-17
oval:org.opensuse.security:def:47324	P	libXv1-1.0.10-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48322	P	tboot-20190704_1.9.10-1.7 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47638	P	guile-2.0.9-8.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47565	P	bash-4.3-83.15.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47541	P	yast2-users-3.2.11-1.47 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47338	P	libdcerpc-binding0-32bit-4.6.5+git.27.6afd48b1083-2.11 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47849	P	perl-Config-IniFiles-2.82-3.12 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47722	P	libipa_hbac0-1.16.1-2.8 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47713	P	libgraphite2-3-1.3.1-10.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47673	P	libXdmcp6-1.1.1-12.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47459	P	pam_krb5-2.4.4-4.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47880	P	rsyslog-8.24.0-3.16.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48073	P	libXcursor1-1.1.14-4.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47012	P	libdcerpc-atsvc0-4.2.4-26.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47927	P	xorg-x11-libs-7.6-45.14 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47765	P	libpng15-15-1.5.22-9.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47652	P	java-1_8_0-ibm-1.8.0_sr5.20-30.36.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47951	P	apache2-mod_jk-1.2.40-7.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48138	P	libkpathsea6-6.2.0dev-22.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47013	P	libdcerpc-binding0-32bit-4.4.2-29.4 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48011	P	fuse-2.9.3-6.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47913	P	vino-3.20.2-5.8 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47784	P	libsnmp30-32bit-5.7.3-6.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47052	P	libmysqlclient18-10.0.27-12.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48169	P	libpcre1-32bit-8.39-8.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47027	P	libhivex0-1.3.10-4.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48273	P	policycoreutils-2.5-10.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47212	P	automake-1.13.4-6.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48127	P	libimobiledevice6-1.2.0-7.31 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47876	P	rpcbind-0.2.3-23.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47184	P	xinetd-2.3.15-7.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48240	P	memcached-1.4.39-4.6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47148	P	rsyslog-8.4.0-14.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48338	P	wget-1.14-21.10.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47213	P	avahi-0.6.32-30.36 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48211	P	libunwind-1.1-11.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48024	P	gnome-shell-3.20.4-77.23.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47276	P	gstreamer-1.8.3-9.5 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47341	P	libevent-2_0-5-2.0.21-4.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47227	P	cracklib-2.9.0-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47323	P	libXtst6-1.2.2-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48238	P	mailx-12.5-28.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47424	P	libusbmuxd4-1.0.10-2.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47473	P	powerpc-utils-1.3.3-5.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47348	P	libgnomesu-2.0.0-353.6.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:101016	P	taglib-1.11.1-4.6.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2370	P	taglib-1.11.1-4.6.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63459	P	taglib-1.11.1-4.6.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2432	P	taglib-1.11.1-4.9.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:107682	P	taglib-1.11.1-4.6.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63521	P	taglib-1.11.1-4.9.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:94303	P	taglib-1.11.1-4.6.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:101222	P	libtag-devel-1.11.1-4.9.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71966	P	libtag1-1.11.1-4.9.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72535	P	libtag-devel-1.11.1-4.9.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100797	P	bzip2-1.0.6-5.9.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62225	P	libtag1-1.11.1-4.9.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1727	P	libtag-devel-1.11.1-4.9.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62816	P	libtag-devel-1.11.1-4.9.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:69893	P	Security update for nodejs10 (Important)	2021-07-15
oval:org.opensuse.security:def:1613	P	Security update for squid (Important)	2021-06-11
oval:org.opensuse.security:def:46723	P	libexif12-0.6.21-6.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48878	P	libzmq3-4.0.4-14.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48480	P	libapr-util1-1.5.3-1.46 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48932	P	libmysqlclient_r18-10.0.35-1.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46724	P	libfreebl3-3.19.2.1-29.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48551	P	libspice-client-glib-2_0-8-0.31-7.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46738	P	libjbig2-2.0-12.13 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46859	P	tomcat-8.0.23-1.80 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:70978	P	libidn-devel-1.34-1.9 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:71091	P	python3-3.6.5-1.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:71032	P	libtag1-1.11.1-2.50 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48589	P	pam-modules-12.1-23.6 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48369	P	apache2-mod_jk-1.2.40-5.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48643	P	vsftpd-3.0.2-31.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48384	P	clamav-0.99.2-25.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48440	P	gv-3.7.4-1.36 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:61291	P	libtag1-1.11.1-2.50 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48449	P	java-1_7_0-openjdk-1.7.0.111-33.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:64502	P	Security update for graphviz (Critical)	2021-05-19
oval:org.opensuse.security:def:66764	P	Security update for openexr (Important)	2021-05-04
oval:org.opensuse.security:def:69788	P	Security update for glibc (Important)	2021-02-26
oval:org.opensuse.security:def:67936	P	Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP1) (Important)	2020-12-07
oval:org.opensuse.security:def:89933	P	libtag-devel-1.11.1-2.50 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62472	P	libtag-devel-1.11.1-2.50 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72302	P	libtag-devel-1.11.1-2.50 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107463	P	libtag-devel-1.11.1-4.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:71631	P	libtag1-1.11.1-4.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:117021	P	libtag-devel-1.11.1-4.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:93857	P	libtag1-1.11.1-4.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62583	P	libtag-devel-1.11.1-2.50 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72421	P	libtag-devel-1.11.1-4.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:100570	P	libtag1-1.11.1-4.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61890	P	libtag1-1.11.1-4.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:103588	P	libtag-devel-1.11.1-2.50 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:94084	P	libtag-devel-1.11.1-4.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62702	P	libtag-devel-1.11.1-4.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72191	P	libtag-devel-1.11.1-2.50 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107236	P	libtag1-1.11.1-4.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:116794	P	libtag1-1.11.1-4.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:66445	P	libXrender-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73110	P	jq on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66537	P	libtag1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49644	P	libICE6-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49698	P	libtag-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73228	P	libtag1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66672	P	slirp4netns on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73337	P	vim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49242	P	libtag1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64304	P	libXi-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:70120	P	libtag-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64391	P	libtag1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73455	P	libtag-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67638	P	lftp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49414	P	gvim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67738	P	libtag1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67836	P	xen-libs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49525	P	gvim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49579	P	libtag-devel on GA media (Moderate)	2020-12-01
oval:com.ubuntu.bionic:def:2017126780000000	V	CVE-2017-12678 on Ubuntu 18.04 LTS (bionic) - low.	2017-08-08
oval:com.ubuntu.disco:def:2017126780000000	V	CVE-2017-12678 on Ubuntu 19.04 (disco) - low.	2017-08-08
oval:com.ubuntu.artful:def:201712678000	V	CVE-2017-12678 on Ubuntu 17.10 (artful) - low.	2017-08-07
oval:com.ubuntu.xenial:def:201712678000	V	CVE-2017-12678 on Ubuntu 16.04 LTS (xenial) - low.	2017-08-07
oval:com.ubuntu.xenial:def:2017126780000000	V	CVE-2017-12678 on Ubuntu 16.04 LTS (xenial) - low.	2017-08-07
oval:com.ubuntu.bionic:def:201712678000	V	CVE-2017-12678 on Ubuntu 18.04 LTS (bionic) - low.	2017-08-07
oval:com.ubuntu.cosmic:def:201712678000	V	CVE-2017-12678 on Ubuntu 18.10 (cosmic) - low.	2017-08-07
oval:com.ubuntu.cosmic:def:2017126780000000	V	CVE-2017-12678 on Ubuntu 18.10 (cosmic) - low.	2017-08-07
oval:com.ubuntu.trusty:def:201712678000	V	CVE-2017-12678 on Ubuntu 14.04 LTS (trusty) - low.	2017-08-07

BACK