CVE-2017-11551

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libid3tag version 0.15.1b

Description The issue allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file. This is due to a problem in the id3 field parse function in field.c.

Recommendations For libid3tag version 0.15.1b, consider avoiding the use of the id3 field parse function until a patch is available. As a temporary workaround, restrict the processing of MP3 files from untrusted sources to minimize the risk of exploitation.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2024-1540

ALT-PU-2024-1567

ALT-PU-2024-2268

AZL-36952

AZL-7263

CVE-2017-11551

MGASA-2018-0223

SUSE-SU-2018:0715-1

SUSE-SU-2018:0722-1

Affected Products

Alt Linux

Suse

Libid3Tag

CVE-2017-11551

Weakness Enumeration

Related Identifiers

Affected Products

References · 27