CVE-2019-11372

NameCVE-2019-11372
DescriptionAn out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-2603-1
NVD severitymedium
Debian Bugs927672

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libmediainfo (PTS)stretch0.7.91-1vulnerable
stretch (security)0.7.91-1+deb9u1fixed
buster18.12-2fixed
bullseye20.09+dfsg-2fixed
sid21.03+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libmediainfosourceexperimental19.04+dfsg-1
libmediainfosourcestretch0.7.91-1+deb9u1DLA-2603-1
libmediainfosource(unstable)18.12-2low927672

Notes

[jessie] - libmediainfo <no-dsa> (Minor issue)
https://github.com/MediaArea/MediaInfoLib/pull/1111
https://sourceforge.net/p/mediainfo/bugs/1101/

Search for package or bug name: Reporting problems