FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

taglib -- heap-based buffer over-read via a crafted audio file

Affected packages
taglib < 1.12.b.1

Details

VuXML ID d3f3e818-8d10-11ea-8668-e0d55e2a8bf9
Discovery 2018-05-28
Entry 2020-05-03

Webin security lab - dbapp security Ltd reports:

The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.

References

CVE Name CVE-2018-11439
URL https://seclists.org/fulldisclosure/2018/May/49