CVE-2018-11439

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-11439

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-11439.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-11439

Downstream

ALPINE-CVE-2018-11439

DEBIAN-CVE-2018-11439

DLA-1430-1

DLA-2772-1

RHSA-2020:1175

SUSE-SU-2019:1374-2

SUSE-SU-2020:2968-1

UBUNTU-CVE-2018-11439

openSUSE-SU-2024:11421-1

Related

Published

2018-05-30T13:29:00.573Z

Modified

2025-11-14T07:37:14.961936Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.

References

Affected packages

Git / github.com/taglib/taglib

Affected ranges

Type: GIT
Repo: https://github.com/taglib/taglib
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

e36a9cabb9882e61276161c23834d966d62073b7

Affected versions

v1.*

v1.10

v1.10beta

v1.11

v1.11.1

v1.11beta

v1.11beta2

v1.5

v1.6

v1.6.1

v1.6.2

v1.6.3

v1.6rc1

v1.7

v1.7.1

v1.7.2

v1.7rc1

v1.8

v1.8beta

v1.9

v1.9.1