Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for libid3tag

This update for libid3tag fixes the following issues:

- CVE-2004-2779 CVE-2017-11551: Fixed id3_utf16_deserialize() in utf16.c,
which previously misparsed ID3v2 tags encoded in UTF-16 with an odd
number of bytes, triggering an endless loop allocating memory until
OOM leading to DoS. (bsc#1081959 bsc#1081961)
- CVE-2017-11550 CVE-2008-2109: Fixed the handling of unknown
encodings when parsing ID3 tags. (bsc#1081962 bsc#387731)

This update was imported from the SUSE:SLE-12:Update update project.

Fixed bugs
bnc#387731
VUL-0: libid3tag overflow
bnc#1081962
VUL-0: libid3tag: CVE-2017-11550 libid3tag: NULL Pointer Dereference in id3_ucs4_length function in ucs4.c
bnc#1081959
VUL-0: CVE-2004-2779: libid3tag: id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2tags encoded in UTF-16 with an odd number of bytes, triggering an endless loopallocating memory until an OOM condition is reac
bnc#1081961
VUL-0: libid3tag: CVE-2017-11551 libid3tag: Out of memory in id3_field_parse function in field.c
CVE-2017-11551
CVE-2017-11550
CVE-2008-2109
CVE-2004-2779
Selected Binaries
openSUSE Build Service is sponsored by
Places