PT-2012-1136 · Taglib+1 · Taglib+1

Zubin Mithra · Published 2012-06-14 · Updated 2017-08-29 · CVE-2012-1108

CVSS v2.0

4.3 Medium

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

TagLib versions prior to 1.7.1

Description

The issue concerns multiple vulnerabilities in the TagLib package that can lead to a disruption of protected information availability. These vulnerabilities can be exploited remotely. Specifically, the parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file.

Recommendations

For TagLib versions prior to 1.7.1, update to version 1.7.1 or later to resolve the issue. As a temporary workaround, consider restricting access to ogg files or disabling the parse function in ogg/xiphcomment.cpp until a patch is available. Avoid using the vendorLength field in ogg files until the issue is resolved.
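
A parser for a length-prefixed comment block of this kind has to check every declared length against the bytes actually present before using it. The sketch below is an added example, not TagLib's code or its 1.7.1 fix; it assumes the standard Vorbis comment layout (32-bit little-endian vendor length, vendor string, 32-bit field count, then length-prefixed fields), and `Reader`, `parseXiphComment` and the sample buffers are hypothetical names constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

struct XiphComment { std::string vendor; std::vector<std::string> fields; };

// Cursor over untrusted bytes: every read is checked against what remains.
struct Reader {
    const uint8_t *p; size_t left;
    bool u32le(uint32_t &out) {
        if (left < 4) return false;
        out = uint32_t(p[0]) | uint32_t(p[1]) << 8 | uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24;
        p += 4; left -= 4;
        return true;
    }
    bool str(uint32_t len, std::string &out) {
        if (len > left) return false;   // declared length exceeds the data present
        out.assign(reinterpret_cast<const char *>(p), len);
        p += len; left -= len;
        return true;
    }
};

// Returns false on any truncated or inconsistent block instead of reading past it.
bool parseXiphComment(const std::vector<uint8_t> &data, XiphComment &out) {
    Reader r{data.data(), data.size()};
    uint32_t vendorLength = 0, count = 0;
    if (!r.u32le(vendorLength) || !r.str(vendorLength, out.vendor)) return false;
    if (!r.u32le(count) || count > r.left / 4) return false;  // each field needs >= 4 bytes
    for (uint32_t i = 0; i < count; ++i) {
        uint32_t len = 0; std::string field;
        if (!r.u32le(len) || !r.str(len, field)) return false;
        out.fields.push_back(field);
    }
    return true;
}

// Constructed samples: a well-formed block, and one whose vendorLength claims ~4 GiB.
std::vector<uint8_t> sampleValid() {
    return {3,0,0,0,'a','b','c', 1,0,0,0, 7,0,0,0,'T','I','T','L','E','=','x'};
}
std::vector<uint8_t> sampleCrafted() { return {0xFF,0xFF,0xFF,0xFF,'a','b','c'}; }

int main() {
    XiphComment ok, bad;
    std::printf("valid: %d, crafted: %d\n", parseXiphComment(sampleValid(), ok),
                parseXiphComment(sampleCrafted(), bad));
}
```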

Exploit

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

BDU:2015-09662
CVE-2012-1108
SUSE-SU-2012_0743-1

Affected Products

Suse
Taglib