Advisories » MGASA-2018-0300

Updated taglib packages fix security vulnerability

Publication date: 01 Jul 2018
Modification date: 01 Jul 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2018-11439

Description

The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib
1.11.1 allows remote attackers to cause information disclosure (heap-based
buffer over-read) via a crafted audio file. (CVE-2018-11439)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23178
• https://lists.opensuse.org/opensuse-updates/2018-06/msg00084.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11439

SRPMS

6/core

• taglib-1.11.1-1.2.mga6

5/core

• taglib-1.9.1-4.1.mga5