Fluid Attacks Database

Description

The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	taglib	>=0 <1.11.1+dfsg.1-0.3	1.11.1+dfsg.1-0.3
alpine v3.10	taglib	=1.10-r0 \|\| =1.11-r0 \|\| =1.11-r1 \|\| =1.11.1-r0 \|\| =1.11.1-r1 \|\| =1.5-r0 \|\| =1.6-r0 \|\| =1.6.1-r0 \|\| =1.6.1-r1 \|\| =1.6.3-r0 \|\| =1.6.3-r1 \|\| =1.6.3-r2 \|\| =1.7-r0 \|\| =1.7-r1 \|\| =1.7-r2 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.8-r0 \|\| =1.9.1-r0 \|\| =1.9.1-r1 \|\| >=0 <1.11.1-r2	1.11.1-r2
alpine v3.11	taglib	=1.10-r0 \|\| =1.11-r0 \|\| =1.11-r1 \|\| =1.11.1-r0 \|\| =1.11.1-r1 \|\| =1.5-r0 \|\| =1.6-r0 \|\| =1.6.1-r0 \|\| =1.6.1-r1 \|\| =1.6.3-r0 \|\| =1.6.3-r1 \|\| =1.6.3-r2 \|\| =1.7-r0 \|\| =1.7-r1 \|\| =1.7-r2 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.8-r0 \|\| =1.9.1-r0 \|\| =1.9.1-r1 \|\| >=0 <1.11.1-r2	1.11.1-r2
debian 13	taglib	>=0 <1.11.1+dfsg.1-0.3	1.11.1+dfsg.1-0.3
debian 12	taglib	>=0 <1.11.1+dfsg.1-0.3	1.11.1+dfsg.1-0.3
debian 11	taglib	>=0 <1.11.1+dfsg.1-0.3	1.11.1+dfsg.1-0.3
rpm rhel7	taglib	<0:1.8-8.20130218git.el7	0:1.8-8.20130218git.el7
rpm rhel6	taglib	-	-

Aliases

1. CVE-2018-114392. NVD-2018-114393. OSV-DEBIAN-2018-114394. OSV-2018-114395. OSV-ALPINE-2018-114396. SECURITY-TRACKER-CVE-2018-114397. SECURITY-CVE-2018-11439

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.