CVE-2012-1107

Name of the Vulnerable Software and Affected Versions TagLib versions prior to 1.7.1

Description The issue concerns multiple vulnerabilities in the TagLib package that can lead to a denial of service, causing disruption to protected information. Exploitation of these vulnerabilities can be done remotely. Specifically, the analyzeCurrent function in ape/apeproperties.cpp allows context-dependent attackers to cause an application crash via a crafted sampleRate in an ape file, triggering a divide-by-zero error.

Recommendations For versions prior to 1.7.1, update to version 1.7.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the analyzeCurrent function in ape/apeproperties.cpp until a patch is available. Restrict access to ape files to minimize the risk of exploitation.