It was reported [1] that, when parsing an Ogg file, a specially crafted Ogg file with control over the "vendorLength" field could cause a string allocation with that size. Control over the "commentFields", which is the number of times that "commentLength" is read, would allocate a string of size "commandLength", which could cause an application linked to taglib to crash.

This has been fixed in upstream git [2], [3].

[1] http://mail.kde.org/pipermail/taglib-devel/2012-March/002186.html
[2] https://github.com/taglib/taglib/commit/ab8a0ee8937256311e649a88e8ddd7c7f870ad59
[3] https://github.com/taglib/taglib/commit/b3646a07348ffa276ea41a9dae03ddc63ea6c532
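The class of check that the report above calls for, as an added example (not TagLib's code and not the upstream fix): a parser for the body of a Vorbis comment header that validates every file-supplied length against the bytes actually remaining before it allocates. The length-field names follow the report; `VorbisComment`, `parseVorbisComment`, the helpers and the sample buffers are hypothetical names and constructed data.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

typedef std::vector<uint8_t> Bytes;
struct VorbisComment { std::string vendor; std::vector<std::string> fields; };

// Read a 32-bit little-endian value; fails if fewer than 4 bytes remain.
static bool readLE32(const Bytes &d, size_t &pos, uint32_t &out) {
    if (d.size() - pos < 4) return false;            // pos <= d.size() always holds
    out = d[pos] | (d[pos + 1] << 8) | (d[pos + 2] << 16) | (uint32_t(d[pos + 3]) << 24);
    pos += 4;
    return true;
}

// Copy `len` bytes only if the buffer holds them: the declared length is
// checked against the remaining data before any string is allocated.
static bool readString(const Bytes &d, size_t &pos, uint32_t len, std::string &out) {
    if (len > d.size() - pos) return false;
    out.assign(d.begin() + pos, d.begin() + pos + len);
    pos += len;
    return true;
}

// Parse the comment header body: vendorLength, vendor, commentFields, then
// commentFields x (commentLength, "KEY=value"). Returns false on any bad length.
bool parseVorbisComment(const Bytes &d, VorbisComment &vc) {
    size_t pos = 0;
    uint32_t vendorLength = 0, commentFields = 0;
    if (!readLE32(d, pos, vendorLength) || !readString(d, pos, vendorLength, vc.vendor)) return false;
    if (!readLE32(d, pos, commentFields)) return false;
    if (commentFields > (d.size() - pos) / 4) return false;  // each field needs a 4-byte prefix
    for (uint32_t i = 0; i < commentFields; ++i) {
        uint32_t commentLength = 0;
        std::string field;
        if (!readLE32(d, pos, commentLength) || !readString(d, pos, commentLength, field)) return false;
        vc.fields.push_back(field);
    }
    return true;
}

// Constructed samples: a valid body, one whose vendorLength claims 4 GiB, and
// one whose commentFields claims far more entries than the data can hold.
Bytes sampleValid()     { return {3,0,0,0,'a','b','c', 1,0,0,0, 3,0,0,0,'A','=','b'}; }
Bytes sampleBigVendor() { return {0xff,0xff,0xff,0xff,'a','b','c'}; }
Bytes sampleBigCount()  { return {0,0,0,0, 0xff,0xff,0xff,0x7f, 1,0,0,0,'x'}; }
```

A caller treats a `false` return as "no usable tag" and carries on, so a malformed file costs a skipped tag rather than a crash.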
Created taglib tracking bugs for this issue Affects: fedora-all [bug 800564]
Created taglib tracking bugs for this issue Affects: epel-5 [bug 800566]
taglib-1.6.1-1.el5.2 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
taglib-1.7.1-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
taglib-1.7.1-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
taglib-1.7.1-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
Statement: taglib is only used in client applications. We do not consider a user-assisted crash of a client application such as k3b or Totem to be a security issue.