Kentaro Oda

**Name of the Vulnerable Software and Affected Versions** libid3tag versions 0.15.0b through 0.15.1b-r1 libid3tag version 0.15.1b-r2 is not affected, so the range is up to 0.15.1b-r1 **Description** The issue allows context-dependent attackers to cause a denial of service, specifically CPU consumption, via an ID3 FIELD TYPE STRINGLIST field that ends in '0', triggering an infinite loop. Exploitation of this issue can lead to disruption of protected information and can be carried out remotely. **Recommendations** For libid3tag versions 0.15.0b through 0.15.1b-r1, update to version 0.15.1b-r2 or later to resolve the issue. As a temporary workaround, consider restricting the processing of ID3 fields that end in '0' to prevent infinite loops until a patch is applied.