 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.1.10.2018.0223 |
| Categoría: | Mageia Linux Local Security Checks |
| Título: | Mageia: Security Advisory (MGASA-2018-0223) |
| Resumen: | The remote host is missing an update for the 'libid3tag' package(s) announced via the MGASA-2018-0223 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'libid3tag' package(s) announced via the MGASA-2018-0223 advisory. Vulnerability Insight: id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reached, leading to denial-of-service (DoS). (CVE-2004-2779) field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0', which triggers an infinite loop. (CVE-2008-2109) The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (NULL Pointer Dereference and application crash) via a crafted mp3 file. (CVE-2017-11550) The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file. (CVE-2017-11551) Affected Software/OS: 'libid3tag' package(s) on Mageia 5, Mageia 6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-2779 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=304913 https://bugzilla.gnome.org/show_bug.cgi?id=162647 https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch/ Common Vulnerability Exposure (CVE) ID: CVE-2008-2109 29210 http://www.securityfocus.com/bid/29210 30173 http://secunia.com/advisories/30173 30182 http://secunia.com/advisories/30182 FEDORA-2008-3757 https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00159.html GLSA-200805-15 http://security.gentoo.org/glsa/glsa-200805-15.xml MDVSA-2008:103 http://www.mandriva.com/security/advisories?name=MDVSA-2008:103 [mad-dev] 20080112 Initite loop bug in libid3tag-0.15.0b http://www.mars.org/mailman/public/mad-dev/2008-January/001366.html http://bugs.gentoo.org/show_bug.cgi?id=210564 libid3tag-field-dos(42271) https://exchange.xforce.ibmcloud.com/vulnerabilities/42271 Common Vulnerability Exposure (CVE) ID: CVE-2017-11550 http://seclists.org/fulldisclosure/2017/Jul/85 Common Vulnerability Exposure (CVE) ID: CVE-2017-11551 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |