Request 578693: Submit libid3tag - openSUSE Build Service

Overview

Request 578693 accepted

- Added libid3tag-utf16.patch: Fixed id3_utf16_deserialize() in utf16.c,
which previously misparsed ID3v2 tags encoded in UTF-16 with an odd
number of bytes, triggering an endless loop allocating memory until
OOM leading to DoS. (CVE-2004-2779 bsc#1081959 CVE-2017-11551
bsc#1081961)
- Added libid3tag-unknown-encoding.patch: Fixed the handling of unknown
encodings when parsing ID3 tags. (CVE-2017-11550 bsc#1081962
CVE-2008-2109 bsc#387731)
- Removed libid3tag-0.15.1b-fix_overflow.patch, since it is handled
differently by libid3tag-utf16.patch already.

Created by kbabioch about 6 years ago
In state accepted
Package maintainer: tiwai

Submit libid3tag

Comments for request 578693 0

Login required, please login in order to comment

Request History

kbabioch created request about 6 years ago

- Added libid3tag-utf16.patch: Fixed id3_utf16_deserialize() in utf16.c,
which previously misparsed ID3v2 tags encoded in UTF-16 with an odd
number of bytes, triggering an endless loop allocating memory until
OOM leading to DoS. (CVE-2004-2779 bsc#1081959 CVE-2017-11551
bsc#1081961)
- Added libid3tag-unknown-encoding.patch: Fixed the handling of unknown
encodings when parsing ID3 tags. (CVE-2017-11550 bsc#1081962
CVE-2008-2109 bsc#387731)
- Removed libid3tag-0.15.1b-fix_overflow.patch, since it is handled
differently by libid3tag-utf16.patch already.

scarabeus_iv accepted request about 6 years ago

openSUSE Build Service is sponsored by