PT-2018-4015 · Underbit Technologies+2 · Libid3Tag+2

Mark · Published 2018-02-20 · Updated 2024-02-03 · CVE-2004-2779

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: libid3tag versions 0.15.1b and earlier

Description: The issue arises from the id3_utf16_deserialize() function in utf16.c, which misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes. This triggers an endless loop that allocates memory until an out-of-memory (OOM) condition is reached, resulting in a denial of service (DoS).

Recommendations: For libid3tag versions 0.15.1b and earlier, consider disabling the id3_utf16_deserialize() function until a patch is available to prevent the denial-of-service condition.
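As an added illustration of the failure mode above (this is not libid3tag's code), the following decoder consumes an ID3v2 UTF-16 text field only in complete byte pairs, so a field with an odd byte count ends after the last full pair and flags the dangling byte instead of looping. All function and type names are hypothetical and the sample input is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result of decoding one ID3v2 UTF-16 text field (hypothetical type). */
struct utf16_result {
    size_t units;      /* complete 16-bit code units decoded */
    int truncated;     /* 1 if a dangling odd byte was ignored */
    int big_endian;    /* byte order chosen from the BOM (0 = little) */
};

/* Decode a raw field (optional BOM, then code units, NUL-terminated) into
 * `out` (capacity `max` units). Only whole pairs are consumed: the loop bound
 * is derived from the byte count, so an odd length cannot run past the end. */
static struct utf16_result
utf16_decode(const uint8_t *buf, size_t len, uint16_t *out, size_t max)
{
    struct utf16_result r = {0, 0, 0};
    size_t pos = 0;

    /* Byte-order mark: FE FF = big endian, FF FE = little endian. */
    if (len >= 2 && buf[0] == 0xFE && buf[1] == 0xFF) { r.big_endian = 1; pos = 2; }
    else if (len >= 2 && buf[0] == 0xFF && buf[1] == 0xFE) { pos = 2; }

    /* Number of complete pairs left; integer division drops the odd byte. */
    size_t pairs = (len - pos) / 2;
    r.truncated = ((len - pos) % 2) != 0;

    for (size_t i = 0; i < pairs && r.units < max; i++, pos += 2) {
        uint16_t u = r.big_endian ? (uint16_t)((buf[pos] << 8) | buf[pos + 1])
                                  : (uint16_t)((buf[pos + 1] << 8) | buf[pos]);
        if (u == 0) break;            /* ID3v2 text fields are NUL-terminated */
        out[r.units++] = u;
    }
    return r;
}

/* Constructed sample: BOM + "AB" in UTF-16LE followed by one dangling byte. */
static const uint8_t sample_odd[] = {0xFF, 0xFE, 'A', 0x00, 'B', 0x00, 0x41};
static uint16_t sample_out[8];

/* Small wrappers over the sample so the result can be checked by name. */
static size_t sample_units(void)     { return utf16_decode(sample_odd, sizeof sample_odd, sample_out, 8).units; }
static int    sample_truncated(void) { return utf16_decode(sample_odd, sizeof sample_odd, sample_out, 8).truncated; }

int main(void) {
    printf("units=%zu truncated=%d\n", sample_units(), sample_truncated()); /* units=2 truncated=1 */
    return 0;
}
```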

Fix

DoS

Weakness Enumeration

Related Identifiers

ALT-PU-2020-3080
ALT-PU-2020-3092
ALT-PU-2023-2082
ALT-PU-2024-1567
AZL-36950
AZL-7261
CVE-2004-2779
MGASA-2018-0223
OPENSUSE-SU-2024:10948-1
SUSE-SU-2018:0715-1
SUSE-SU-2018:0722-1
SUSE-SU-2018_0715-1
SUSE-SU-2018_0722-1

Affected Products

Alt Linux
Suse
Libid3Tag