ID CVE-2008-2109
Summary field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0', which triggers an infinite loop.
References
Vulnerable Configurations
  • cpe:2.3:a:media-libs:libid3tag:0.15.0b:*:*:*:*:*:*:*
    cpe:2.3:a:media-libs:libid3tag:0.15.0b:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 13-02-2023 - 02:19)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 29210
confirm http://bugs.gentoo.org/show_bug.cgi?id=210564
fedora FEDORA-2008-3757
gentoo GLSA-200805-15
mandriva MDVSA-2008:103
mlist [mad-dev] 20080112 Initite loop bug in libid3tag-0.15.0b
secunia
  • 30173
  • 30182
xf libid3tag-field-dos(42271)
Last major update 13-02-2023 - 02:19
Published 07-05-2008 - 21:20
Last modified 13-02-2023 - 02:19
Back to Top