[pkg-mad-maintainers] Bug#480187: Bug#480187: libid3tag: CVE-2008-2109 infinite loop via crafted id3 tag
Kurt Roeckx
kurt at roeckx.be
Thu May 8 17:03:36 UTC 2008
On Thu, May 08, 2008 at 05:44:54PM +0200, Nico Golde wrote:
> Package: libid3tag
> Version: 0.15.1b-10
> Severity: important
> Tags: security patch
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for libid3tag.
I believe this is the same as #304913 and is fixed in version
0.15.1b-5. The diff is at a deeper level than what they did.
They prevent calling id3_parse_string() again, while our
id3_utf16_deserialize() called by id3_parse_string() just makes
sure it's not called again by increasing ptr by one.
The test.mp3 from the gentoo bug report at least also shows the OOM
behaviour with version 0.15.1b-4.1 and doesn't show the problem with
0.15.1b-10.
Note that we changed the diff we used in 0.15.1b-5 because
it could cause a segfault, and it was rewritten in 0.15.1b-8.
Kurt
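A minimal model in C of the non-progress bug the message describes, added here as an illustration and not libid3tag's own code or the Debian patch: a string deserializer that consumes nothing when a crafted frame leaves a dangling byte, beside the variant that always advances ptr by at least one byte so the caller's loop terminates. The frame layout (UTF-16LE, NUL-terminated strings, one trailing odd byte as the trigger), the function names, and the iteration cap that stands in for the out-of-memory behaviour are all assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a text-frame parser: the frame body is a run of
 * NUL-terminated UTF-16LE strings, parsed one after another until the
 * end of the frame.  This is an illustration, not libid3tag's code. */

/* Constructed inputs.  crafted_frame is "A", "B" and one dangling byte
 * (odd length); wellformed_frame is "A", "B" only. */
static const uint8_t crafted_frame[]    = { 'A', 0, 0, 0, 'B', 0, 0, 0, 'A' };
static const uint8_t wellformed_frame[] = { 'A', 0, 0, 0, 'B', 0, 0, 0 };

/* Deserialize one UTF-16LE string.  Advances *ptr past the terminator and
 * returns the number of bytes consumed.  Buggy variant: if fewer than two
 * bytes remain it consumes nothing, so *ptr does not move. */
static size_t utf16_deserialize_buggy(const uint8_t **ptr, const uint8_t *end)
{
    const uint8_t *p = *ptr;
    while (end - p >= 2) {
        uint16_t unit = (uint16_t)(p[0] | (p[1] << 8));
        p += 2;
        if (unit == 0)
            break;
    }
    size_t consumed = (size_t)(p - *ptr);
    *ptr = p;
    return consumed;
}

/* Fixed variant: identical, except that a call which would otherwise make
 * no progress swallows the dangling byte, so the caller's loop always
 * moves forward by at least one byte per call. */
static size_t utf16_deserialize_fixed(const uint8_t **ptr, const uint8_t *end)
{
    const uint8_t *p = *ptr;
    while (end - p >= 2) {
        uint16_t unit = (uint16_t)(p[0] | (p[1] << 8));
        p += 2;
        if (unit == 0)
            break;
    }
    if (p == *ptr && p < end)   /* no progress and input left: consume one byte */
        p += 1;
    size_t consumed = (size_t)(p - *ptr);
    *ptr = p;
    return consumed;
}

/* Caller loop: parse strings until the frame is exhausted.  Returns the
 * number of strings parsed, or -1 once max_iterations calls have been
 * made, which models the loop that never terminates (each real iteration
 * would also allocate an empty string, hence the OOM in the report). */
static int parse_strings(const uint8_t *buf, size_t len,
                         size_t (*deserialize)(const uint8_t **, const uint8_t *),
                         unsigned max_iterations)
{
    const uint8_t *ptr = buf;
    const uint8_t *end = buf + len;
    int count = 0;
    unsigned iterations = 0;

    while (ptr < end) {
        if (++iterations > max_iterations)
            return -1;              /* would spin forever on this input */
        deserialize(&ptr, end);
        count++;
    }
    return count;
}

int main(void)
{
    printf("crafted, buggy:     %d\n",
           parse_strings(crafted_frame, sizeof crafted_frame, utf16_deserialize_buggy, 1000));
    printf("crafted, fixed:     %d\n",
           parse_strings(crafted_frame, sizeof crafted_frame, utf16_deserialize_fixed, 1000));
    printf("well-formed, buggy: %d\n",
           parse_strings(wellformed_frame, sizeof wellformed_frame, utf16_deserialize_buggy, 1000));
    printf("well-formed, fixed: %d\n",
           parse_strings(wellformed_frame, sizeof wellformed_frame, utf16_deserialize_fixed, 1000));
    return 0;
}
```

The invariant worth checking in any such parser is that every call into the deserializer either consumes at least one byte or signals an error that breaks the caller's loop; the fixed variant enforces the first half of that and so terminates on the crafted frame, while the well-formed frame behaves identically under both variants.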