[CVE-2008-2109] Denial of service via the ID3_FIELD_TYPE_STRINGLIST field
Bug #230620 reported by
Till Ulen
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libid3tag (Debian) |
Fix Released
|
Unknown
|
|||
libid3tag (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
CVE-2008-2109 description:
"field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU consumption) via an ID3_FIELD_
http://
http://
Despite its version number, libid3tag0 version 0.15.1b-10 from Hardy does contain the vulnerable code. So do the versions from previous releases, I guess.
CVE References
Changed in libid3tag: | |
status: | Unknown → Fix Released |
Changed in libid3tag: | |
status: | New → Invalid |
To post a comment you must log in.
It looks like Debian patched this years ago.