
TagLib Audio Meta-Data Library 1.11.1 Information Disclosure

Posted May 29, 2018
Authored by Webin Security Lab

The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib version 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.

tags | advisory, remote, info disclosure
SHA-256 | aef2419e47ea6d4026994bdeff4c305d9c04fb5575c81572288b93ee7047ba9d

taglib vulnerability
================
Author : Webin security lab - dbapp security Ltd
===============


Introduction:
=============
TagLib Audio Meta-Data Library

http://taglib.org/

TagLib is a library for reading and editing the meta-data of several popular audio formats. Currently it supports both ID3v1 and ID3v2 for MP3 files, Ogg Vorbis comments and ID3 tags and Vorbis comments in FLAC, MPC, Speex, WavPack, TrueAudio, WAV, AIFF, MP4 and ASF files.

TagLib is distributed under the GNU Lesser General Public License (LGPL) and Mozilla Public License (MPL). Essentially that means that it may be used in proprietary applications, but if changes are made to TagLib they must be contributed back to the project. Please review the licenses if you are considering using TagLib in your project.

Affected version:
=====
1.11.1


Vulnerability Description:
==========================


The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.


tagreader file_scan


==23969==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000c75 at pc 0x000000704d1f bp 0x7ffee02d5d90 sp 0x7ffee02d5d88
READ of size 1 at 0x602000000c75 thread T0
#0 0x704d1e in TagLib::Ogg::FLAC::File::scan() /home/xxx/taglib/taglib/ogg/flac/oggflacfile.cpp:237:8
#1 0x702899 in TagLib::Ogg::FLAC::File::read(bool, TagLib::AudioProperties::ReadStyle) /home/xxx/taglib/taglib/ogg/flac/oggflacfile.cpp:179:3
#2 0x7030ca in TagLib::Ogg::FLAC::File::File(TagLib::IOStream*, bool, TagLib::AudioProperties::ReadStyle) /home/xxx/taglib/taglib/ogg/flac/oggflacfile.cpp:100:5
#3 0x6523f1 in (anonymous namespace)::detectByContent(TagLib::IOStream*, bool, TagLib::AudioProperties::ReadStyle) /home/xxx/taglib/taglib/fileref.cpp:154:18
#4 0x64ae35 in TagLib::FileRef::parse(char const*, bool, TagLib::AudioProperties::ReadStyle) /home/xxx/taglib/taglib/fileref.cpp:450:13
#5 0x555d96 in main /home/xxx/taglib/examples/tagreader.cpp:41:21
#6 0x7fb460bdd82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
#7 0x459c88 in _start (/home/xxx/taglib/build/examples/tagreader+0x459c88)

0x602000000c75 is located 0 bytes to the right of 5-byte region [0x602000000c70,0x602000000c75)
allocated by thread T0 here:
#0 0x51deb8 in __interceptor_malloc (/home/xxx/taglib/build/examples/tagreader+0x51deb8)
#1 0x7fb461d76e77 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x8de77)
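
Added example (not TagLib's code and not part of the original advisory): the trace above reports a 1-byte read immediately past a 5-byte heap buffer, the typical signature of a fixed-offset access into a packet whose length was not validated. The sketch below parses the first Ogg FLAC packet with the length checked before any indexed read. The names `parseFirstPacket`, `OggFlacHeader`, `samplePacket` and `countRejectedPrefixes` are hypothetical, the header layout follows the Ogg FLAC mapping, and the sample packet is constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

enum ParseStatus { PARSE_OK, PARSE_TRUNCATED, PARSE_BAD_MAGIC, PARSE_BAD_VERSION };
struct OggFlacHeader {       // hypothetical result type for this example
  uint16_t headerPackets;    // count of header packets that follow
  uint8_t  blockType;        // type of the first metadata block (0 = STREAMINFO)
  uint32_t blockLength;      // declared length of that block's data
};

// First Ogg FLAC packet: 0x7F "FLAC" major minor count(2) "fLaC" (13 bytes),
// followed by a 4-byte metadata block header and the block data.
static const size_t kMappingLen = 13, kBlockHeaderLen = 4;

ParseStatus parseFirstPacket(const std::vector<uint8_t> &p, OggFlacHeader &out) {
  // Validate the length once, before any fixed-offset access such as p[5].
  if(p.size() < kMappingLen + kBlockHeaderLen) return PARSE_TRUNCATED;
  if(p[0] != 0x7F || std::memcmp(&p[1], "FLAC", 4) != 0 ||
     std::memcmp(&p[9], "fLaC", 4) != 0)
    return PARSE_BAD_MAGIC;
  if(p[5] != 1) return PARSE_BAD_VERSION;   // mapping major version
  out.headerPackets = static_cast<uint16_t>((p[7] << 8) | p[8]);
  out.blockType = p[13] & 0x7F;
  out.blockLength = (uint32_t(p[14]) << 16) | (uint32_t(p[15]) << 8) | p[16];
  // The declared block length comes from the file, so it must fit as well.
  if(out.blockLength > p.size() - kMappingLen - kBlockHeaderLen) return PARSE_TRUNCATED;
  return PARSE_OK;
}

// Constructed sample: a well-formed header with a zero-filled 34-byte block.
std::vector<uint8_t> samplePacket() {
  static const uint8_t head[] = {0x7F, 'F', 'L', 'A', 'C', 1, 0, 0, 1,
                                 'f', 'L', 'a', 'C', 0x00, 0x00, 0x00, 0x22};
  std::vector<uint8_t> p(head, head + sizeof head);
  p.resize(p.size() + 34, 0);
  return p;
}

// Every strict prefix of a valid packet must be rejected as truncated.
size_t countRejectedPrefixes(const std::vector<uint8_t> &full) {
  size_t n = 0;
  OggFlacHeader h;
  for(size_t len = 0; len < full.size(); ++len)
    if(parseFirstPacket(std::vector<uint8_t>(full.begin(), full.begin() + len), h) == PARSE_TRUNCATED)
      ++n;
  return n;
}
```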


Reproducer:
file_scan
CVE:
CVE-2018-11439


==========================


Webin security lab - dbapp security Ltd