CVE-2019-11372

NameCVE-2019-11372
DescriptionAn out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2603-1
Debian Bugs927672

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libmediainfo (PTS)bullseye20.09+dfsg-2fixed
bookworm23.04+dfsg-1fixed
trixie25.04+dfsg-1fixed
forky, sid25.09+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libmediainfosourceexperimental19.04+dfsg-1
libmediainfosourcestretch0.7.91-1+deb9u1DLA-2603-1
libmediainfosource(unstable)18.12-2low927672

Notes

[jessie] - libmediainfo <no-dsa> (Minor issue)
https://github.com/MediaArea/MediaInfoLib/pull/1111
https://sourceforge.net/p/mediainfo/bugs/1101/
Search for package or bug name: Reporting problems