Main Vulnerability Database SB2017100527

SB2017100527 - Fedora 27 update for mingw-taglib

Published: October 5, 2017 Updated: April 24, 2025

Security Bulletin ID SB2017100527

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Arbitrary file upload (CVE-ID: CVE-2017-12678)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2017-67f13dd1e1