rpm package
opensuse/taglib&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/taglib&distro=openSUSE%20Tumbleweed
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-11439 | Med | 6.5 | < 1.12-1.3 | 1.12-1.3 | May 30, 2018 | The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file. | |
| CVE-2017-12678 | Hig | 8.8 | < 1.12-1.3 | 1.12-1.3 | Aug 8, 2017 | In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. | |
| CVE-2012-2396 | — | < 1.11-1.4 | 1.11-1.4 | Apr 19, 2012 | VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file. |
- affected < 1.12-1.3fixed 1.12-1.3
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.
- affected < 1.12-1.3fixed 1.12-1.3
In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file.
- CVE-2012-2396Apr 19, 2012affected < 1.11-1.4fixed 1.11-1.4
VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file.