{"id":"CVE-2017-12678","details":"In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer-cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file.","modified":"2026-04-16T01:38:44.858947415Z","published":"2017-08-08T01:34:00.080Z","related":["openSUSE-SU-2024:11421-1"],"references":[{"type":"ADVISORY","url":"https://github.com/taglib/taglib/commit/cb9f07d9dcd791b63e622da43f7b232adaec0a9a"},{"type":"ADVISORY","url":"https://github.com/taglib/taglib/issues/829"},{"type":"ADVISORY","url":"https://github.com/taglib/taglib/pull/831"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/09/msg00020.html"},{"type":"REPORT","url":"https://github.com/taglib/taglib/issues/829"},{"type":"FIX","url":"https://github.com/taglib/taglib/commit/cb9f07d9dcd791b63e622da43f7b232adaec0a9a"},{"type":"FIX","url":"https://github.com/taglib/taglib/issues/829"},{"type":"FIX","url":"https://github.com/taglib/taglib/pull/831"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2021/09/msg00020.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/taglib/taglib","events":[{"introduced":"0"},{"fixed":"cb9f07d9dcd791b63e622da43f7b232adaec0a9a"}]}],"versions":["v1.10","v1.10beta","v1.11","v1.11.1","v1.11beta","v1.11beta2","v1.5","v1.6","v1.6.1","v1.6.2","v1.6.3","v1.6rc1","v1.7","v1.7.1","v1.7.2","v1.7rc1","v1.8","v1.8beta","v1.9","v1.9.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-12678.json","vanir_signatures":[{"signature_version":"v1","digest":{"function_hash":"63189154665858681151973652675033772745","length":1162},"target":{"file":"taglib/mpeg/id3v2/id3v2framefactory.cpp","function":"FrameFactory::rebuildAggregateFrames"},"source":"https://github.com/taglib/taglib/commit/cb9f07d9dcd791b63e622da43f7b232adaec0a9a","signature_type":"Function"
,"deprecated":false,"id":"CVE-2017-12678-51e627e6"},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["220139894708303143899526924524560798224","331122330798241866706006235958792627874","115681426174653110933180385216535435262","143728083367336673008615923459110808737","100579267743060690021987545153789673597","321646883927881145213580466139976781879"]},"target":{"file":"taglib/mpeg/id3v2/id3v2framefactory.cpp"},"source":"https://github.com/taglib/taglib/commit/cb9f07d9dcd791b63e622da43f7b232adaec0a9a","signature_type":"Line","deprecated":false,"id":"CVE-2017-12678-99eaacdd"}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}