Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-11551 (GCVE-0-2017-11551)
Vulnerability from cvelistv5
Published
2017-07-31 13:00
Modified
2024-08-05 18:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:12:40.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Jul/85"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-31T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Jul/85"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Jul/85",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Jul/85"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11551",
"datePublished": "2017-07-31T13:00:00",
"dateReserved": "2017-07-22T00:00:00",
"dateUpdated": "2024-08-05T18:12:40.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2017-11551\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-07-31T13:29:01.533\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n id3_field_parse en el archivo field.c en libid3tag versi\u00f3n 0.15.1b, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (OOM) por medio de un archivo MP3 creado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libid3tag_project:libid3tag:0.15.1b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5BB7DF5-C4CE-4865-B9B2-5C5097F24F46\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2017/Jul/85\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2017/Jul/85\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}"
}
}
ghsa-332h-96gg-2p6g
Vulnerability from github
Published
2022-05-17 02:20
Modified
2022-05-17 02:20
Severity ?
VLAI Severity ?
Details
The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file.
{
"affected": [],
"aliases": [
"CVE-2017-11551"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-31T13:29:00Z",
"severity": "MODERATE"
},
"details": "The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file.",
"id": "GHSA-332h-96gg-2p6g",
"modified": "2022-05-17T02:20:37Z",
"published": "2022-05-17T02:20:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11551"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2017/Jul/85"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
suse-su-2018:0722-1
Vulnerability from csaf_suse
Published
2018-03-16 15:32
Modified
2018-03-16 15:32
Summary
Security update for libid3tag
Notes
Title of the patch
Security update for libid3tag
Description of the patch
This update for libid3tag fixes the following issues:
- CVE-2004-2779 CVE-2017-11551: Fixed id3_utf16_deserialize() in utf16.c,
which previously misparsed ID3v2 tags encoded in UTF-16 with an odd
number of bytes, triggering an endless loop allocating memory until
OOM leading to DoS. (bsc#1081959 bsc#1081961)
- CVE-2017-11550 CVE-2008-2109: Fixed the handling of unknown
encodings when parsing ID3 tags. (bsc#1081962 bsc#387731)
Patchnames
SUSE-SLE-DESKTOP-12-SP2-2018-490,SUSE-SLE-DESKTOP-12-SP3-2018-490,SUSE-SLE-SDK-12-SP2-2018-490,SUSE-SLE-SDK-12-SP3-2018-490,SUSE-SLE-WE-12-SP2-2018-490,SUSE-SLE-WE-12-SP3-2018-490
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libid3tag",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libid3tag fixes the following issues:\n\n- CVE-2004-2779 CVE-2017-11551: Fixed id3_utf16_deserialize() in utf16.c,\n which previously misparsed ID3v2 tags encoded in UTF-16 with an odd\n number of bytes, triggering an endless loop allocating memory until\n OOM leading to DoS. (bsc#1081959 bsc#1081961)\n- CVE-2017-11550 CVE-2008-2109: Fixed the handling of unknown\n encodings when parsing ID3 tags. (bsc#1081962 bsc#387731)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP2-2018-490,SUSE-SLE-DESKTOP-12-SP3-2018-490,SUSE-SLE-SDK-12-SP2-2018-490,SUSE-SLE-SDK-12-SP3-2018-490,SUSE-SLE-WE-12-SP2-2018-490,SUSE-SLE-WE-12-SP3-2018-490",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_0722-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:0722-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180722-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:0722-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-March/003823.html"
},
{
"category": "self",
"summary": "SUSE Bug 1081959",
"url": "https://bugzilla.suse.com/1081959"
},
{
"category": "self",
"summary": "SUSE Bug 1081961",
"url": "https://bugzilla.suse.com/1081961"
},
{
"category": "self",
"summary": "SUSE Bug 1081962",
"url": "https://bugzilla.suse.com/1081962"
},
{
"category": "self",
"summary": "SUSE Bug 387731",
"url": "https://bugzilla.suse.com/387731"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2004-2779 page",
"url": "https://www.suse.com/security/cve/CVE-2004-2779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-2109 page",
"url": "https://www.suse.com/security/cve/CVE-2008-2109/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-11550 page",
"url": "https://www.suse.com/security/cve/CVE-2017-11550/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-11551 page",
"url": "https://www.suse.com/security/cve/CVE-2017-11551/"
}
],
"title": "Security update for libid3tag",
"tracking": {
"current_release_date": "2018-03-16T15:32:29Z",
"generator": {
"date": "2018-03-16T15:32:29Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:0722-1",
"initial_release_date": "2018-03-16T15:32:29Z",
"revision_history": [
{
"date": "2018-03-16T15:32:29Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libid3tag-devel-0.15.1b-184.3.1.aarch64",
"product": {
"name": "libid3tag-devel-0.15.1b-184.3.1.aarch64",
"product_id": "libid3tag-devel-0.15.1b-184.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libid3tag0-0.15.1b-184.3.1.aarch64",
"product": {
"name": "libid3tag0-0.15.1b-184.3.1.aarch64",
"product_id": "libid3tag0-0.15.1b-184.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"product": {
"name": "libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"product_id": "libid3tag-devel-0.15.1b-184.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libid3tag0-0.15.1b-184.3.1.ppc64le",
"product": {
"name": "libid3tag0-0.15.1b-184.3.1.ppc64le",
"product_id": "libid3tag0-0.15.1b-184.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libid3tag-devel-0.15.1b-184.3.1.s390x",
"product": {
"name": "libid3tag-devel-0.15.1b-184.3.1.s390x",
"product_id": "libid3tag-devel-0.15.1b-184.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libid3tag0-0.15.1b-184.3.1.s390x",
"product": {
"name": "libid3tag0-0.15.1b-184.3.1.s390x",
"product_id": "libid3tag0-0.15.1b-184.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libid3tag0-0.15.1b-184.3.1.x86_64",
"product": {
"name": "libid3tag0-0.15.1b-184.3.1.x86_64",
"product_id": "libid3tag0-0.15.1b-184.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libid3tag-devel-0.15.1b-184.3.1.x86_64",
"product": {
"name": "libid3tag-devel-0.15.1b-184.3.1.x86_64",
"product_id": "libid3tag-devel-0.15.1b-184.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Workstation Extension 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Workstation Extension 12 SP2",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-we:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Workstation Extension 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Workstation Extension 12 SP3",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-we:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag0-0.15.1b-184.3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64"
},
"product_reference": "libid3tag0-0.15.1b-184.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag0-0.15.1b-184.3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64"
},
"product_reference": "libid3tag0-0.15.1b-184.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-devel-0.15.1b-184.3.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.aarch64"
},
"product_reference": "libid3tag-devel-0.15.1b-184.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-devel-0.15.1b-184.3.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.ppc64le"
},
"product_reference": "libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-devel-0.15.1b-184.3.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.s390x"
},
"product_reference": "libid3tag-devel-0.15.1b-184.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-devel-0.15.1b-184.3.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.x86_64"
},
"product_reference": "libid3tag-devel-0.15.1b-184.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag0-0.15.1b-184.3.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.aarch64"
},
"product_reference": "libid3tag0-0.15.1b-184.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag0-0.15.1b-184.3.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.ppc64le"
},
"product_reference": "libid3tag0-0.15.1b-184.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag0-0.15.1b-184.3.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.s390x"
},
"product_reference": "libid3tag0-0.15.1b-184.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag0-0.15.1b-184.3.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64"
},
"product_reference": "libid3tag0-0.15.1b-184.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-devel-0.15.1b-184.3.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.aarch64"
},
"product_reference": "libid3tag-devel-0.15.1b-184.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-devel-0.15.1b-184.3.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.ppc64le"
},
"product_reference": "libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-devel-0.15.1b-184.3.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.s390x"
},
"product_reference": "libid3tag-devel-0.15.1b-184.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-devel-0.15.1b-184.3.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.x86_64"
},
"product_reference": "libid3tag-devel-0.15.1b-184.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag0-0.15.1b-184.3.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.aarch64"
},
"product_reference": "libid3tag0-0.15.1b-184.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag0-0.15.1b-184.3.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.ppc64le"
},
"product_reference": "libid3tag0-0.15.1b-184.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag0-0.15.1b-184.3.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.s390x"
},
"product_reference": "libid3tag0-0.15.1b-184.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag0-0.15.1b-184.3.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64"
},
"product_reference": "libid3tag0-0.15.1b-184.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag0-0.15.1b-184.3.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 12 SP2",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64"
},
"product_reference": "libid3tag0-0.15.1b-184.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag0-0.15.1b-184.3.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 12 SP3",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64"
},
"product_reference": "libid3tag0-0.15.1b-184.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2004-2779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2004-2779"
}
],
"notes": [
{
"category": "general",
"text": "id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reached, leading to denial-of-service (DoS).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2004-2779",
"url": "https://www.suse.com/security/cve/CVE-2004-2779"
},
{
"category": "external",
"summary": "SUSE Bug 1081959 for CVE-2004-2779",
"url": "https://bugzilla.suse.com/1081959"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-16T15:32:29Z",
"details": "moderate"
}
],
"title": "CVE-2004-2779"
},
{
"cve": "CVE-2008-2109",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-2109"
}
],
"notes": [
{
"category": "general",
"text": "field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in \u0027\\0\u0027, which triggers an infinite loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-2109",
"url": "https://www.suse.com/security/cve/CVE-2008-2109"
},
{
"category": "external",
"summary": "SUSE Bug 387731 for CVE-2008-2109",
"url": "https://bugzilla.suse.com/387731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-16T15:32:29Z",
"details": "moderate"
}
],
"title": "CVE-2008-2109"
},
{
"cve": "CVE-2017-11550",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-11550"
}
],
"notes": [
{
"category": "general",
"text": "The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (NULL Pointer Dereference and application crash) via a crafted mp3 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-11550",
"url": "https://www.suse.com/security/cve/CVE-2017-11550"
},
{
"category": "external",
"summary": "SUSE Bug 1081962 for CVE-2017-11550",
"url": "https://bugzilla.suse.com/1081962"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-16T15:32:29Z",
"details": "moderate"
}
],
"title": "CVE-2017-11550"
},
{
"cve": "CVE-2017-11551",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-11551"
}
],
"notes": [
{
"category": "general",
"text": "The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-11551",
"url": "https://www.suse.com/security/cve/CVE-2017-11551"
},
{
"category": "external",
"summary": "SUSE Bug 1081961 for CVE-2017-11551",
"url": "https://bugzilla.suse.com/1081961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-16T15:32:29Z",
"details": "moderate"
}
],
"title": "CVE-2017-11551"
}
]
}
suse-su-2018:0715-1
Vulnerability from csaf_suse
Published
2018-03-16 15:31
Modified
2018-03-16 15:31
Summary
Security update for libid3tag
Notes
Title of the patch
Security update for libid3tag
Description of the patch
This update for libid3tag fixes the following issues:
- CVE-2004-2779 CVE-2017-11551: Fixed id3_utf16_deserialize() in utf16.c,
which previously misparsed ID3v2 tags encoded in UTF-16 with an odd
number of bytes, triggering an endless loop allocating memory until
OOM leading to DoS. (bsc#1081959 bsc#1081961)
- CVE-2017-11550 CVE-2008-2109: Fixed the handling of unknown
encodings when parsing ID3 tags. (bsc#1081962 bsc#387731)
Patchnames
sdksp4-libid3tag-13517
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libid3tag",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libid3tag fixes the following issues:\n\n- CVE-2004-2779 CVE-2017-11551: Fixed id3_utf16_deserialize() in utf16.c,\n which previously misparsed ID3v2 tags encoded in UTF-16 with an odd\n number of bytes, triggering an endless loop allocating memory until\n OOM leading to DoS. (bsc#1081959 bsc#1081961)\n- CVE-2017-11550 CVE-2008-2109: Fixed the handling of unknown\n encodings when parsing ID3 tags. (bsc#1081962 bsc#387731)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sdksp4-libid3tag-13517",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_0715-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:0715-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180715-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:0715-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-March/003820.html"
},
{
"category": "self",
"summary": "SUSE Bug 1081959",
"url": "https://bugzilla.suse.com/1081959"
},
{
"category": "self",
"summary": "SUSE Bug 1081961",
"url": "https://bugzilla.suse.com/1081961"
},
{
"category": "self",
"summary": "SUSE Bug 1081962",
"url": "https://bugzilla.suse.com/1081962"
},
{
"category": "self",
"summary": "SUSE Bug 387731",
"url": "https://bugzilla.suse.com/387731"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2004-2779 page",
"url": "https://www.suse.com/security/cve/CVE-2004-2779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-2109 page",
"url": "https://www.suse.com/security/cve/CVE-2008-2109/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-11550 page",
"url": "https://www.suse.com/security/cve/CVE-2017-11550/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-11551 page",
"url": "https://www.suse.com/security/cve/CVE-2017-11551/"
}
],
"title": "Security update for libid3tag",
"tracking": {
"current_release_date": "2018-03-16T15:31:57Z",
"generator": {
"date": "2018-03-16T15:31:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:0715-1",
"initial_release_date": "2018-03-16T15:31:57Z",
"revision_history": [
{
"date": "2018-03-16T15:31:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libid3tag-0.15.1b-132.3.1.i586",
"product": {
"name": "libid3tag-0.15.1b-132.3.1.i586",
"product_id": "libid3tag-0.15.1b-132.3.1.i586"
}
},
{
"category": "product_version",
"name": "libid3tag-devel-0.15.1b-132.3.1.i586",
"product": {
"name": "libid3tag-devel-0.15.1b-132.3.1.i586",
"product_id": "libid3tag-devel-0.15.1b-132.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libid3tag-0.15.1b-132.3.1.ia64",
"product": {
"name": "libid3tag-0.15.1b-132.3.1.ia64",
"product_id": "libid3tag-0.15.1b-132.3.1.ia64"
}
},
{
"category": "product_version",
"name": "libid3tag-devel-0.15.1b-132.3.1.ia64",
"product": {
"name": "libid3tag-devel-0.15.1b-132.3.1.ia64",
"product_id": "libid3tag-devel-0.15.1b-132.3.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "libid3tag-0.15.1b-132.3.1.ppc64",
"product": {
"name": "libid3tag-0.15.1b-132.3.1.ppc64",
"product_id": "libid3tag-0.15.1b-132.3.1.ppc64"
}
},
{
"category": "product_version",
"name": "libid3tag-devel-0.15.1b-132.3.1.ppc64",
"product": {
"name": "libid3tag-devel-0.15.1b-132.3.1.ppc64",
"product_id": "libid3tag-devel-0.15.1b-132.3.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "libid3tag-0.15.1b-132.3.1.s390x",
"product": {
"name": "libid3tag-0.15.1b-132.3.1.s390x",
"product_id": "libid3tag-0.15.1b-132.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libid3tag-devel-0.15.1b-132.3.1.s390x",
"product": {
"name": "libid3tag-devel-0.15.1b-132.3.1.s390x",
"product_id": "libid3tag-devel-0.15.1b-132.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libid3tag-0.15.1b-132.3.1.x86_64",
"product": {
"name": "libid3tag-0.15.1b-132.3.1.x86_64",
"product_id": "libid3tag-0.15.1b-132.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libid3tag-devel-0.15.1b-132.3.1.x86_64",
"product": {
"name": "libid3tag-devel-0.15.1b-132.3.1.x86_64",
"product_id": "libid3tag-devel-0.15.1b-132.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-0.15.1b-132.3.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.i586"
},
"product_reference": "libid3tag-0.15.1b-132.3.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-0.15.1b-132.3.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ia64"
},
"product_reference": "libid3tag-0.15.1b-132.3.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-0.15.1b-132.3.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ppc64"
},
"product_reference": "libid3tag-0.15.1b-132.3.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-0.15.1b-132.3.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.s390x"
},
"product_reference": "libid3tag-0.15.1b-132.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-0.15.1b-132.3.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.x86_64"
},
"product_reference": "libid3tag-0.15.1b-132.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-devel-0.15.1b-132.3.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.i586"
},
"product_reference": "libid3tag-devel-0.15.1b-132.3.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-devel-0.15.1b-132.3.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ia64"
},
"product_reference": "libid3tag-devel-0.15.1b-132.3.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-devel-0.15.1b-132.3.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ppc64"
},
"product_reference": "libid3tag-devel-0.15.1b-132.3.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-devel-0.15.1b-132.3.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.s390x"
},
"product_reference": "libid3tag-devel-0.15.1b-132.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-devel-0.15.1b-132.3.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.x86_64"
},
"product_reference": "libid3tag-devel-0.15.1b-132.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2004-2779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2004-2779"
}
],
"notes": [
{
"category": "general",
"text": "id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reached, leading to denial-of-service (DoS).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2004-2779",
"url": "https://www.suse.com/security/cve/CVE-2004-2779"
},
{
"category": "external",
"summary": "SUSE Bug 1081959 for CVE-2004-2779",
"url": "https://bugzilla.suse.com/1081959"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-16T15:31:57Z",
"details": "moderate"
}
],
"title": "CVE-2004-2779"
},
{
"cve": "CVE-2008-2109",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-2109"
}
],
"notes": [
{
"category": "general",
"text": "field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in \u0027\\0\u0027, which triggers an infinite loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-2109",
"url": "https://www.suse.com/security/cve/CVE-2008-2109"
},
{
"category": "external",
"summary": "SUSE Bug 387731 for CVE-2008-2109",
"url": "https://bugzilla.suse.com/387731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-16T15:31:57Z",
"details": "moderate"
}
],
"title": "CVE-2008-2109"
},
{
"cve": "CVE-2017-11550",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-11550"
}
],
"notes": [
{
"category": "general",
"text": "The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (NULL Pointer Dereference and application crash) via a crafted mp3 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-11550",
"url": "https://www.suse.com/security/cve/CVE-2017-11550"
},
{
"category": "external",
"summary": "SUSE Bug 1081962 for CVE-2017-11550",
"url": "https://bugzilla.suse.com/1081962"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-16T15:31:57Z",
"details": "moderate"
}
],
"title": "CVE-2017-11550"
},
{
"cve": "CVE-2017-11551",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-11551"
}
],
"notes": [
{
"category": "general",
"text": "The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-11551",
"url": "https://www.suse.com/security/cve/CVE-2017-11551"
},
{
"category": "external",
"summary": "SUSE Bug 1081961 for CVE-2017-11551",
"url": "https://bugzilla.suse.com/1081961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-16T15:31:57Z",
"details": "moderate"
}
],
"title": "CVE-2017-11551"
}
]
}
msrc_cve-2017-11551
Vulnerability from csaf_microsoft
Published
2017-07-02 00:00
Modified
2025-03-14 00:00
Summary
The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2017-11551 The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2017/msrc_cve-2017-11551.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service",
"tracking": {
"current_release_date": "2025-03-14T00:00:00.000Z",
"generator": {
"date": "2025-10-19T17:11:23.903Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2017-11551",
"initial_release_date": "2017-07-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-03-14T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "16817"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 libid3tag 0.16.3-7",
"product": {
"name": "\u003cazl3 libid3tag 0.16.3-7",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 libid3tag 0.16.3-7",
"product": {
"name": "azl3 libid3tag 0.16.3-7",
"product_id": "16892"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 libid3tag 0.15.1b-33",
"product": {
"name": "\u003ccbl2 libid3tag 0.15.1b-33",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "cbl2 libid3tag 0.15.1b-33",
"product": {
"name": "cbl2 libid3tag 0.15.1b-33",
"product_id": "16891"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 libid3tag 0.16.3-7",
"product": {
"name": "\u003cazl3 libid3tag 0.16.3-7",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "azl3 libid3tag 0.16.3-7",
"product": {
"name": "azl3 libid3tag 0.16.3-7",
"product_id": "16892"
}
}
],
"category": "product_name",
"name": "libid3tag"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 libid3tag 0.16.3-7 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 libid3tag 0.16.3-7 as a component of Azure Linux 3.0",
"product_id": "16892-17084"
},
"product_reference": "16892",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 libid3tag 0.15.1b-33 as a component of CBL Mariner 2.0",
"product_id": "17086-3"
},
"product_reference": "3",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 libid3tag 0.15.1b-33 as a component of CBL Mariner 2.0",
"product_id": "16891-17086"
},
"product_reference": "16891",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 libid3tag 0.16.3-7 as a component of Azure Linux 3.0",
"product_id": "16817-2"
},
"product_reference": "2",
"relates_to_product_reference": "16817"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 libid3tag 0.16.3-7 as a component of Azure Linux 3.0",
"product_id": "16892-16817"
},
"product_reference": "16892",
"relates_to_product_reference": "16817"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-11551",
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"16892-17084",
"16891-17086",
"16892-16817"
],
"known_affected": [
"17084-1",
"17086-3",
"16817-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2017-11551 The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2017/msrc_cve-2017-11551.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-14T00:00:00.000Z",
"details": "0.16.3-7:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-1",
"16817-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-03-14T00:00:00.000Z",
"details": "0.15.1b-33:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-3"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"17084-1",
"17086-3",
"16817-2"
]
}
],
"title": "The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service"
}
]
}
fkie_cve-2017-11551
Vulnerability from fkie_nvd
Published
2017-07-31 13:29
Modified
2025-04-20 01:37
Severity ?
Summary
The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2017/Jul/85 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/Jul/85 | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libid3tag_project | libid3tag | 0.15.1b |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libid3tag_project:libid3tag:0.15.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BB7DF5-C4CE-4865-B9B2-5C5097F24F46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file."
},
{
"lang": "es",
"value": "La funci\u00f3n id3_field_parse en el archivo field.c en libid3tag versi\u00f3n 0.15.1b, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (OOM) por medio de un archivo MP3 creado."
}
],
"id": "CVE-2017-11551",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-31T13:29:01.533",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Jul/85"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Jul/85"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
gsd-2017-11551
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-11551",
"description": "The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file.",
"id": "GSD-2017-11551",
"references": [
"https://www.suse.com/security/cve/CVE-2017-11551.html",
"https://advisories.mageia.org/CVE-2017-11551.html",
"https://security.archlinux.org/CVE-2017-11551"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-11551"
],
"details": "The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file.",
"id": "GSD-2017-11551",
"modified": "2023-12-13T01:21:15.456473Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Jul/85",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Jul/85"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:libid3tag_project:libid3tag:0.15.1b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11551"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Jul/85",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Jul/85"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2017-08-02T18:20Z",
"publishedDate": "2017-07-31T13:29Z"
}
}
}
cnvd-2017-19548
Vulnerability from cnvd
Title
libid3tag 'id3_field_parse'函数拒绝服务漏洞
Description
libid3tag是MPEG音频解码器MAD中所捆绑的ID3标签操控库。
libid3tag 0.15.1b版本中的field.c文件的'id3_field_parse'函数存在安全漏洞。远程攻击者可借助特制的MP3文件利用该漏洞造成拒绝服务。
Severity
中
VLAI Severity ?
Formal description
目前厂商暂未发布修复措施解决此安全问题,建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法: https://github.com/markjeee/libid3tag
Reference
http://seclists.org/fulldisclosure/2017/Jul/85
Impacted products
| Name | libid3tag libid3tag 0.15.1b |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-11551",
"cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11551"
}
},
"description": "libid3tag\u662fMPEG\u97f3\u9891\u89e3\u7801\u5668MAD\u4e2d\u6240\u6346\u7ed1\u7684ID3\u6807\u7b7e\u64cd\u63a7\u5e93\u3002\r\n\r\nlibid3tag 0.15.1b\u7248\u672c\u4e2d\u7684field.c\u6587\u4ef6\u7684\u0027id3_field_parse\u0027\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684MP3\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
"discovererName": "qflb.wu",
"formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://github.com/markjeee/libid3tag",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-19548",
"openTime": "2017-08-08",
"products": {
"product": "libid3tag libid3tag 0.15.1b"
},
"referenceLink": "http://seclists.org/fulldisclosure/2017/Jul/85",
"serverity": "\u4e2d",
"submitTime": "2017-08-03",
"title": "libid3tag \u0027id3_field_parse\u0027\u51fd\u6570\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…