1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200805-15 / libid3tag |
| Release Date | May 14, 2008 |
| Latest Revision | May 14, 2008: 01 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| media-libs/libid3tag | < 0.15.1b-r2 | >= 0.15.1b-r2 | All supported architectures |
Related bugreports: #210564
A Denial of Service vulnerability was found in libid3tag.
libid3tag is an ID3 tag manipulation library.
Kentaro Oda reported an infinite loop in the file field.c when parsing an MP3 file with an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0'.
A remote attacker could entice a user to open a specially crafted MP3 file, possibly resulting in a Denial of Service.
There is no known workaround at this time.
All libid3tag users should upgrade to the latest version:
Code Listing 3.1: Resolution

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libid3tag-0.15.1b-r2"
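The infinite loop described above is an instance of a parse loop that assumes every iteration consumes input. The C sketch below is an added example, not code from libid3tag's field.c: it models a string-list parser with and without a forward-progress check. The 2-byte-unit reader `read_string16`, the function names, the iteration budget and the sample buffers are all assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed inputs: "a" and "b" as NUL-terminated strings of 2-byte units;
 * STRAY is the same list followed by one extra '\0' byte. */
const unsigned char OK_LIST[] = {0,'a',0,0, 0,'b',0,0};
const unsigned char STRAY[]   = {0,'a',0,0, 0,'b',0,0, 0};

/* Hypothetical reader (assumption): consumes one string including its
 * terminator; with fewer than 2 bytes left it returns without advancing *p. */
static void read_string16(const unsigned char **p, const unsigned char *end)
{
    while (end - *p >= 2) {
        unsigned unit = ((unsigned)(*p)[0] << 8) | (*p)[1];
        *p += 2;
        if (unit == 0) break;          /* terminator consumed */
    }
}

/* Trusts the reader to advance; max_iter stands in for "forever" (-1 = stalled). */
long count_unguarded(const unsigned char *buf, size_t len, long max_iter)
{
    const unsigned char *p = buf, *end = buf + len;
    long n = 0;
    while (end - p > 0) {
        if (n++ >= max_iter) return -1;
        read_string16(&p, end);
    }
    return n;
}

/* Hardened: an iteration that consumes nothing marks the field malformed. */
long count_guarded(const unsigned char *buf, size_t len)
{
    const unsigned char *p = buf, *end = buf + len;
    long n = 0;
    while (end - p > 0) {
        const unsigned char *before = p;
        read_string16(&p, end);
        if (p == before) return -1;    /* no forward progress: reject */
        n++;
    }
    return n;
}

int main(void)
{
    printf("unguarded=%ld guarded=%ld\n", count_unguarded(STRAY, sizeof STRAY, 1000),
           count_guarded(STRAY, sizeof STRAY));
    return 0;
}
```

Without the iteration budget, the unguarded loop would never return on the second buffer; the guarded loop rejects it after one stalled iteration.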