It was reported [1] that taglib suffers from an integer overflow flaw when parsing file header fields. A file with a crafted header could cause a large allocation and crash the application. This has been corrected in git [2].

[1] http://www.openwall.com/lists/oss-security/2012/03/21/11
[2] https://github.com/taglib/taglib/commit/dcdf4fd954e3213c355746fa15b7480461972308
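An added illustration of the class of flaw described above; it is not taglib's code or the upstream fix. It assumes a hypothetical header layout (a 4-byte little-endian size field that includes a fixed 8-byte trailer) and shows unsigned wraparound, one form of integer overflow, turning a small declared size into a near-4 GiB allocation request, next to a checked parse that bounds the field by the bytes actually present.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical layout (assumption, not taglib's format): 4-byte little-endian
// "size" field counting the payload plus a fixed 8-byte trailer.
constexpr std::uint32_t kTrailerSize = 8;
constexpr std::size_t kHeaderSize = 4;

static std::uint32_t readLE32(const std::uint8_t *p) {
    return std::uint32_t(p[0]) | (std::uint32_t(p[1]) << 8) |
           (std::uint32_t(p[2]) << 16) | (std::uint32_t(p[3]) << 24);
}

// Unchecked arithmetic: a declared size below 8 wraps around, so a caller
// sizing a buffer from this value would request close to 4 GiB.
std::uint32_t uncheckedLength(std::uint32_t declared) {
    return declared - kTrailerSize;
}

// Checked parse: reject a truncated header, a size that would wrap, and a
// size larger than the data that follows the header.
bool checkedLength(const std::vector<std::uint8_t> &file, std::uint32_t &out) {
    if (file.size() < kHeaderSize) return false;
    const std::uint32_t declared = readLE32(file.data());
    if (declared < kTrailerSize) return false;
    if (declared > file.size() - kHeaderSize) return false;
    out = declared - kTrailerSize;
    return true;
}

// Allocation happens only after the length has been validated.
std::vector<std::uint8_t> readPayload(const std::vector<std::uint8_t> &file) {
    std::uint32_t len = 0;
    if (!checkedLength(file, len)) return {};
    auto begin = file.begin() + kHeaderSize;
    return std::vector<std::uint8_t>(begin, begin + len);
}

int main() {
    // Constructed sample: declared size 4, smaller than the trailer.
    const std::vector<std::uint8_t> crafted = {0x04, 0x00, 0x00, 0x00};
    std::uint32_t len = 0;
    std::printf("unchecked length: %u\n", (unsigned)uncheckedLength(4));
    std::printf("checked parse accepted: %d\n", (int)checkedLength(crafted, len));
    return 0;
}
```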
Created taglib tracking bugs for this issue

Affects: fedora-all [bug 800564]
Affects: epel-5 [bug 800566]
taglib-1.7.1-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
taglib-1.7.1-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
taglib-1.7.1-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
Statement: taglib is only used in client applications. We do not consider a user-assisted crash of a client application such as k3b or Totem to be a security issue.