CVE-2012-1584

Name of the Vulnerable Software and Affected Versions TagLib versions prior to 1.7.1 Gentoo Linux (affected versions not specified)

Description The issue concerns multiple vulnerabilities in the TagLib package that can lead to a denial of service, causing disruption to protected information. Exploitation can be done remotely. Specifically, an integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows attackers to cause an application crash via a crafted file header field in a media file, triggering a large memory allocation.

Recommendations For TagLib versions prior to 1.7.1, update to version 1.7.1 or later to resolve the issue. For Gentoo Linux, at the moment, there is no information about a newer version that contains a fix for this vulnerability.