You are here

CVE-2012-1584

Vincent (CVE) Danen's picture
Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted file header field in a media file, which triggers a large memory allocation.

Details Source

Mitre

Statement

taglib is only used in client applications. We do not consider a user-assisted crash of a client application such as k3b or Totem to be a security issue.

Public Date

2012-03-04 00:00:00

Impact

Moderate

Bugzilla

CVE-2012-1584 taglib: integer overflow can crash application

Bugzilla ID

810 009

CVSS Status

draft

Base Score

4.30

Base Metrics

AV:N/AC:M/Au:N/C:N/I:N/A:P

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 6 taglib Affected