Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2109

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-2109
Last Modified 15 Nov 2008 02:13:21
Published 07 May 2008 05:20:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2109

Summary

field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0', which triggers an infinite loop.

Vulnerable Systems

Application

  • Media-libs Libid3tag 0.15.0b


References

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=210564

MLIST - [mad-dev] 20080112 Initite loop bug in libid3tag-0.15.0b

MANDRIVA - MDVSA-2008:103

FEDORA - FEDORA-2008-3757

XF - libid3tag-field-dos(42271)

BID - 29210

GENTOO - GLSA-200805-15

SECUNIA - 30182

SECUNIA - 30173


Last Updated: 27 May 2016 10:47:46