CVE-2012-1107 : The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and earlier a

The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted sampleRate in an ape file, which triggers a divide-by-zero error.

Published 2012-09-06 18:55:01

Updated 2017-08-29 01:31:12

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2012-1107

Scott Wheeler » Taglib
Versions up to, including, (<=) 1.7
cpe:2.3:a:scott_wheeler:taglib:*:*:*:*:*:*:*:*
Matching versions
Scott Wheeler » Taglib » Version: 1.6
cpe:2.3:a:scott_wheeler:taglib:1.6:*:*:*:*:*:*:*
Matching versions
Scott Wheeler » Taglib » Version: 1.3.1
cpe:2.3:a:scott_wheeler:taglib:1.3.1:*:*:*:*:*:*:*
Matching versions
Scott Wheeler » Taglib » Version: 1.0
cpe:2.3:a:scott_wheeler:taglib:1.0:*:*:*:*:*:*:*
Matching versions
Scott Wheeler » Taglib » Version: 1.1
cpe:2.3:a:scott_wheeler:taglib:1.1:*:*:*:*:*:*:*
Matching versions
Scott Wheeler » Taglib » Version: 1.4
cpe:2.3:a:scott_wheeler:taglib:1.4:*:*:*:*:*:*:*
Matching versions
Scott Wheeler » Taglib » Version: 1.2
cpe:2.3:a:scott_wheeler:taglib:1.2:*:*:*:*:*:*:*
Matching versions
Scott Wheeler » Taglib » Version: 1.6.2
cpe:2.3:a:scott_wheeler:taglib:1.6.2:*:*:*:*:*:*:*
Matching versions
Scott Wheeler » Taglib » Version: 1.5
cpe:2.3:a:scott_wheeler:taglib:1.5:*:*:*:*:*:*:*
Matching versions
Scott Wheeler » Taglib » Version: 1.6.3
cpe:2.3:a:scott_wheeler:taglib:1.6.3:*:*:*:*:*:*:*
Matching versions
Scott Wheeler » Taglib » Version: 1.6.1
cpe:2.3:a:scott_wheeler:taglib:1.6.1:*:*:*:*:*:*:*
Matching versions
Scott Wheeler » Taglib » Version: 1.3
cpe:2.3:a:scott_wheeler:taglib:1.3:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-1107

EPSS FAQ

0.25%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 64 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-1107

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

References for CVE-2012-1107

http://mail.kde.org/pipermail/taglib-devel/2012-March/002187.html

multiple security vulnerabilities in taglib
http://mail.kde.org/pipermail/taglib-devel/2012-March/002186.html

multiple security vulnerabilities in taglib

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/73666

TagLib analyzeCurrent() denial of service CVE-2012-1107 Vulnerability Report
http://www.openwall.com/lists/oss-security/2012/03/05/19

oss-security - Re: CVE-Request taglib vulnerabilities

CVEs referencing this url
http://www.securityfocus.com/bid/52284

taglib Buffer Overflow and Divide-By-Zero Denial of Service Vulnerabilities

CVEs referencing this url
http://www.gentoo.org/security/en/glsa/glsa-201206-16.xml

TagLib: Multiple vulnerabilities (GLSA 201206-16) — Gentoo security

CVEs referencing this url
https://github.com/taglib/taglib/commit/77d61c6eca4d08b9b025738acf6b926cc750db23

Make sure to not try dividing by zero · taglib/taglib@77d61c6 · GitHub
Exploit;Patch

Jump to

Vulnerability Details : CVE-2012-1107

Products affected by CVE-2012-1107

Exploit prediction scoring system (EPSS) score for CVE-2012-1107

CVSS scores for CVE-2012-1107

References for CVE-2012-1107