The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.
References:
http://seclists.org/fulldisclosure/2018/May/49
Created mingw-taglib tracking bugs for this issue:
Affects: fedora-all [bug 1584871]
Created taglib tracking bugs for this issue:
Affects: fedora-all [bug 1584870]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2020:1175 https://access.redhat.com/errata/RHSA-2020:1175
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-11439