CVE-2018-11439

Published: 30/05/2018 Updated: 07/10/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote malicious users to cause information disclosure (heap-based buffer over-read) via a crafted audio file.

Vulnerable Product

taglib taglib 1.11.1

debian debian linux 8.0

debian debian linux 9.0

Vendor Advisories

Synopsis: Low: taglib security update. Type/Severity: Security Advisory: Low. Topic: An update for taglib is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detai ...
Debian Bug report logs - #903847 taglib: CVE-2018-11439: heap-based buffer over-read via a crafted audio file. Package: src:taglib; Maintainer for src:taglib is Modestas Vainius <modax@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 15 Jul 2018 19:09:01 UTC; Severity: important; Tags: fixed ...
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file (CVE-2018-11439) ...
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file ...