Vulnerabilities > CVE-2008-2109 - Unspecified vulnerability in Media-Libs Libid3Tag 0.15.0B
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN media-libs
nessus
Summary
field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0', which triggers an infinite loop.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0722-1.NASL description This update for libid3tag fixes the following issues : - CVE-2004-2779 CVE-2017-11551: Fixed id3_utf16_deserialize() in utf16.c, which previously misparsed ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until OOM leading to DoS. (bsc#1081959 bsc#1081961) - CVE-2017-11550 CVE-2008-2109: Fixed the handling of unknown encodings when parsing ID3 tags. (bsc#1081962 bsc#387731) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 108452 published 2018-03-19 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108452 title SUSE SLED12 Security Update : libid3tag (SUSE-SU-2018:0722-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200805-15.NASL description The remote host is affected by the vulnerability described in GLSA-200805-15 (libid3tag: Denial of Service) Kentaro Oda reported an infinite loop in the file field.c when parsing an MP3 file with an ID3_FIELD_TYPE_STRINGLIST field that ends in last seen 2020-06-01 modified 2020-06-02 plugin id 32352 published 2008-05-16 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/32352 title GLSA-200805-15 : libid3tag: Denial of Service NASL family Fedora Local Security Checks NASL id FEDORA_2008-3874.NASL description - Bug #445812 - CVE-2008-2109 libid3tag: infinite loop in ID3_FIELD_TYPE_STRINGLIST parsing Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 32336 published 2008-05-16 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/32336 title Fedora 7 : libid3tag-0.15.1b-5.fc7 (2008-3874) NASL family Fedora Local Security Checks NASL id FEDORA_2008-3976.NASL description - Fri May 9 2008 Todd Zullinger <tmz at pobox.com> - 0.15.1b-5 - fix for CVE-2008-2109 (#445812) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 32348 published 2008-05-16 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/32348 title Fedora 8 : libid3tag-0.15.1b-5.fc8 (2008-3976) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-277.NASL description This update for libid3tag fixes the following issues : - CVE-2004-2779 CVE-2017-11551: Fixed id3_utf16_deserialize() in utf16.c, which previously misparsed ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until OOM leading to DoS. (bsc#1081959 bsc#1081961) - CVE-2017-11550 CVE-2008-2109: Fixed the handling of unknown encodings when parsing ID3 tags. (bsc#1081962 bsc#387731) This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2018-03-19 plugin id 108441 published 2018-03-19 reporter This script is Copyright (C) 2018-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/108441 title openSUSE Security Update : libid3tag (openSUSE-2018-277) NASL family Fedora Local Security Checks NASL id FEDORA_2008-3757.NASL description - Fri May 9 2008 Todd Zullinger <tmz at pobox.com> - 0.15.1b-6 - fix for CVE-2008-2109 (#445812) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 32332 published 2008-05-16 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/32332 title Fedora 9 : libid3tag-0.15.1b-6.fc9 (2008-3757) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2008-103.NASL description field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in last seen 2020-06-01 modified 2020-06-02 plugin id 37269 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/37269 title Mandriva Linux Security Advisory : libid3tag (MDVSA-2008:103)
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 29210 CVE(CAN) ID: CVE-2008-2109 libid3tag是MPEG音频解码器MAD中所捆绑的ID3标签操控库。 libid3tag库在解析ID3_FIELD_TYPE_STRINGLIST字段时如果所要解析的数据以\0结尾的话,**ptr == 0,但end - *ptr条件为1,所以循环会无限继续。 以下是有漏洞的代码段: *** field.c 2003-04-19 09:14:33.000000000 +0900 --- field-patched.c 2008-01-13 16:08:22.000000000 +0900 *************** *** 291,297 **** end = *ptr + length; ! while (end - *ptr > 0) { ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0); if (ucs4 == 0) goto fail; --- 291,297 ---- end = *ptr + length; ! while (end - *ptr > 0 && **ptr != '\0') { ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0); if (ucs4 == 0) goto fail; Underbit Technologies libid3tag 0.15.0b Underbit Technologies --------------------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: <a href=http://www.underbit.com/ target=_blank>http://www.underbit.com/</a> |
| id | SSV:3307 |
| last seen | 2017-11-19 |
| modified | 2008-05-21 |
| published | 2008-05-21 |
| reporter | Root |
| title | libid3tag拒绝服务漏洞 |
References
- http://bugs.gentoo.org/show_bug.cgi?id=210564
- http://www.mars.org/mailman/public/mad-dev/2008-January/001366.html
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00159.html
- http://security.gentoo.org/glsa/glsa-200805-15.xml
- http://www.securityfocus.com/bid/29210
- http://secunia.com/advisories/30182
- http://secunia.com/advisories/30173
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:103
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42271