CVE-2017-12678

Name of the Vulnerable Software and Affected Versions TagLib version 1.11.1

Description The issue is related to the rebuildAggregateFrames function in the TagLib library, which is used for reading and modifying metadata in audio files. This function has a vulnerability that allows for unlimited loading of dangerous file types. Exploitation of this issue can enable a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The vulnerability can be triggered via a crafted audio file.

Recommendations For TagLib version 1.11.1, consider disabling the rebuildAggregateFrames function as a temporary workaround until a patch is available. Restrict access to the id3v2framefactory.cpp module to minimize the risk of exploitation. Avoid using crafted audio files that could trigger the vulnerability until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.