Security update for libid3tag SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0735-1 Final 1 1 2018-03-18T10:26:53Z current 2018-03-18T10:26:53Z 2018-03-18T10:26:53Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libid3tag This update for libid3tag fixes the following issues: - CVE-2004-2779 CVE-2017-11551: Fixed id3_utf16_deserialize() in utf16.c, which previously misparsed ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until OOM leading to DoS. (bsc#1081959 bsc#1081961) - CVE-2017-11550 CVE-2008-2109: Fixed the handling of unknown encodings when parsing ID3 tags. (bsc#1081962 bsc#387731) This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2018-03/msg00067.html E-Mail link for openSUSE-SU-2018:0735-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 libid3tag-0.15.1b-188.3.1 libid3tag-devel-0.15.1b-188.3.1 libid3tag0-0.15.1b-188.3.1 libid3tag0-32bit-0.15.1b-188.3.1 libid3tag-0.15.1b-188.3.1 as a component of openSUSE Leap 42.3 libid3tag-devel-0.15.1b-188.3.1 as a component of openSUSE Leap 42.3 libid3tag0-0.15.1b-188.3.1 as a component of openSUSE Leap 42.3 libid3tag0-32bit-0.15.1b-188.3.1 as a component of openSUSE Leap 42.3 id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reached, leading to denial-of-service (DoS). CVE-2004-2779 openSUSE Leap 42.3:libid3tag-0.15.1b-188.3.1 openSUSE Leap 42.3:libid3tag-devel-0.15.1b-188.3.1 openSUSE Leap 42.3:libid3tag0-0.15.1b-188.3.1 openSUSE Leap 42.3:libid3tag0-32bit-0.15.1b-188.3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-03/msg00067.html https://www.suse.com/security/cve/CVE-2004-2779.html CVE-2004-2779 https://bugzilla.suse.com/1081959 SUSE Bug 1081959 field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0', which triggers an infinite loop. CVE-2008-2109 openSUSE Leap 42.3:libid3tag-0.15.1b-188.3.1 openSUSE Leap 42.3:libid3tag-devel-0.15.1b-188.3.1 openSUSE Leap 42.3:libid3tag0-0.15.1b-188.3.1 openSUSE Leap 42.3:libid3tag0-32bit-0.15.1b-188.3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-03/msg00067.html https://www.suse.com/security/cve/CVE-2008-2109.html CVE-2008-2109 https://bugzilla.suse.com/387731 SUSE Bug 387731 The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (NULL Pointer Dereference and application crash) via a crafted mp3 file. CVE-2017-11550 openSUSE Leap 42.3:libid3tag-0.15.1b-188.3.1 openSUSE Leap 42.3:libid3tag-devel-0.15.1b-188.3.1 openSUSE Leap 42.3:libid3tag0-0.15.1b-188.3.1 openSUSE Leap 42.3:libid3tag0-32bit-0.15.1b-188.3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-03/msg00067.html https://www.suse.com/security/cve/CVE-2017-11550.html CVE-2017-11550 https://bugzilla.suse.com/1081962 SUSE Bug 1081962 The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file. CVE-2017-11551 openSUSE Leap 42.3:libid3tag-0.15.1b-188.3.1 openSUSE Leap 42.3:libid3tag-devel-0.15.1b-188.3.1 openSUSE Leap 42.3:libid3tag0-0.15.1b-188.3.1 openSUSE Leap 42.3:libid3tag0-32bit-0.15.1b-188.3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-03/msg00067.html https://www.suse.com/security/cve/CVE-2017-11551.html CVE-2017-11551 https://bugzilla.suse.com/1081961 SUSE Bug 1081961