PT-2018-4015 · Underbit Technologies+2 · Libid3Tag+2

Published: 2018-02-20 · Updated: 2024-02-03 · CVE-2004-2779

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

libid3tag versions 0.15.1b and earlier

Description

The issue arises from the id3_utf16_deserialize() function in utf16.c, which misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes. This triggers an endless loop that allocates memory until an out-of-memory (OOM) condition is reached, resulting in a denial-of-service (DoS).

Recommendations

For libid3tag versions 0.15.1b and earlier, consider disabling the id3_utf16_deserialize() function until a patch is available to prevent the denial-of-service condition.

Fix

DoS


Weakness Enumeration

Related identifiers

ALT-PU-2020-3080
ALT-PU-2020-3092
ALT-PU-2023-2082
ALT-PU-2024-1567
AZL-36950
AZL-7261
CVE-2004-2779
MGASA-2018-0223
OPENSUSE-SU-2024:10948-1
SUSE-SU-2018:0715-1
SUSE-SU-2018:0722-1
SUSE-SU-2018_0715-1
SUSE-SU-2018_0722-1

Affected products

Alt Linux
Suse
Libid3Tag