1561983 – (CVE-2004-2779) CVE-2004-2779 libid3tag: id3_utf16_deserialize() misparses ID3v2 tags with an odd number of bytes resulting in an endless loop

Bug 1561983 (CVE-2004-2779) - CVE-2004-2779 libid3tag: id3_utf16_deserialize() misparses ID3v2 tags with an odd number of bytes resulting in an endless loop

Summary: CVE-2004-2779 libid3tag: id3_utf16_deserialize() misparses ID3v2 tags with an...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2004-2779
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1561985 1561986 1579003
Blocks:	1561988
TreeView+	depends on / blocked

Reported:	2018-03-29 09:55 UTC by Andrej Nemec
Modified:	2021-10-21 20:00 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2021-10-21 20:00:45 UTC
Embargoed:

Attachments	(Terms of Use)

Description Andrej Nemec 2018-03-29 09:55:15 UTC

id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reached, leading to denial-of-service (DoS).

Upstream bug:

https://bugzilla.gnome.org/show_bug.cgi?id=162647

Comment 1 Andrej Nemec 2018-03-29 09:55:38 UTC

Created libid3tag tracking bugs for this issue:

Affects: fedora-all [bug 1561985]


Created mingw-libid3tag tracking bugs for this issue:

Affects: fedora-all [bug 1561986]

Note You need to log in before you can comment on or make changes to this bug.