CVE-2008-2109

Name of the Vulnerable Software and Affected Versions libid3tag versions 0.15.0b through 0.15.1b-r1 libid3tag version 0.15.1b-r2 is not affected, so the range is up to 0.15.1b-r1

Description The issue allows context-dependent attackers to cause a denial of service, specifically CPU consumption, via an ID3 FIELD TYPE STRINGLIST field that ends in '0', triggering an infinite loop. Exploitation of this issue can lead to disruption of protected information and can be carried out remotely.

Recommendations For libid3tag versions 0.15.0b through 0.15.1b-r1, update to version 0.15.1b-r2 or later to resolve the issue. As a temporary workaround, consider restricting the processing of ID3 fields that end in '0' to prevent infinite loops until a patch is applied.