Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 145615 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.1.10.2018.0223
Kategorie:Mageia Linux Local Security Checks
Titel:Mageia: Security Advisory (MGASA-2018-0223)
Zusammenfassung:The remote host is missing an update for the 'libid3tag' package(s) announced via the MGASA-2018-0223 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'libid3tag' package(s) announced via the MGASA-2018-0223 advisory.

Vulnerability Insight:
id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b
misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes,
triggering an endless loop allocating memory until an OOM condition is
reached, leading to denial-of-service (DoS). (CVE-2004-2779)

field.c in the libid3tag 0.15.0b library allows context-dependent
attackers to cause a denial of service (CPU consumption) via an
ID3_FIELD_TYPE_STRINGLIST field that ends in '\0', which triggers an
infinite loop. (CVE-2008-2109)

The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows
remote attackers to cause a denial of service (NULL Pointer Dereference
and application crash) via a crafted mp3 file. (CVE-2017-11550)

The id3_field_parse function in field.c in libid3tag 0.15.1b allows
remote attackers to cause a denial of service (OOM) via a crafted MP3
file. (CVE-2017-11551)

Affected Software/OS:
'libid3tag' package(s) on Mageia 5, Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2004-2779
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=304913
https://bugzilla.gnome.org/show_bug.cgi?id=162647
https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch/
Common Vulnerability Exposure (CVE) ID: CVE-2008-2109
29210
http://www.securityfocus.com/bid/29210
30173
http://secunia.com/advisories/30173
30182
http://secunia.com/advisories/30182
FEDORA-2008-3757
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00159.html
GLSA-200805-15
http://security.gentoo.org/glsa/glsa-200805-15.xml
MDVSA-2008:103
http://www.mandriva.com/security/advisories?name=MDVSA-2008:103
[mad-dev] 20080112 Initite loop bug in libid3tag-0.15.0b
http://www.mars.org/mailman/public/mad-dev/2008-January/001366.html
http://bugs.gentoo.org/show_bug.cgi?id=210564
libid3tag-field-dos(42271)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42271
Common Vulnerability Exposure (CVE) ID: CVE-2017-11550
http://seclists.org/fulldisclosure/2017/Jul/85
Common Vulnerability Exposure (CVE) ID: CVE-2017-11551
CopyrightCopyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.