FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

taglib -- heap-based buffer over-read via a crafted audio file

Affected packages
taglib < 1.12.b.1


VuXML ID d3f3e818-8d10-11ea-8668-e0d55e2a8bf9
Discovery 2018-05-28
Entry 2020-05-03

Webin security lab - dbapp security Ltd reports:

The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.


CVE Name CVE-2018-11439