CVE-2019-11372

Name: CVE-2019-11372
Description: An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium
Debian Bugs: 927672

Vulnerable and fixed packages

The table below lists information on source packages.

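| Source Package | Release | Version | Status |
|---|---|---|---|
| libmediainfo (PTS) | jessie | 0.7.70-1 | vulnerable |
| libmediainfo | stretch | 0.7.91-1 | vulnerable |
| libmediainfo | buster | 18.12-2 | fixed |
| libmediainfo | bullseye, sid | 20.03+dfsg-1 | fixed |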

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libmediainfo | source | (unstable) | 18.12-2 | low | | 927672 |
| libmediainfo | source | experimental | 19.04+dfsg-1 | | | |

Notes

[stretch] - libmediainfo <no-dsa> (Minor issue)
[jessie] - libmediainfo <no-dsa> (Minor issue)
https://github.com/MediaArea/MediaInfoLib/pull/1111
https://sourceforge.net/p/mediainfo/bugs/1101/
