Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-11551 (GCVE-0-2017-11551)
Vulnerability from cvelistv5 – Published: 2017-07-31 13:00 – Updated: 2024-08-05 18:12
VLAI?
EPSS
Summary
The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:12:40.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Jul/85"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-31T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Jul/85"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Jul/85",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Jul/85"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11551",
"datePublished": "2017-07-31T13:00:00",
"dateReserved": "2017-07-22T00:00:00",
"dateUpdated": "2024-08-05T18:12:40.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libid3tag_project:libid3tag:0.15.1b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5BB7DF5-C4CE-4865-B9B2-5C5097F24F46\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n id3_field_parse en el archivo field.c en libid3tag versi\\u00f3n 0.15.1b, permite a los atacantes remotos causar una denegaci\\u00f3n de servicio (OOM) por medio de un archivo MP3 creado.\"}]",
"id": "CVE-2017-11551",
"lastModified": "2024-11-21T03:08:00.127",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2017-07-31T13:29:01.533",
"references": "[{\"url\": \"http://seclists.org/fulldisclosure/2017/Jul/85\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2017/Jul/85\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-11551\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-07-31T13:29:01.533\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n id3_field_parse en el archivo field.c en libid3tag versi\u00f3n 0.15.1b, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (OOM) por medio de un archivo MP3 creado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libid3tag_project:libid3tag:0.15.1b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5BB7DF5-C4CE-4865-B9B2-5C5097F24F46\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2017/Jul/85\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2017/Jul/85\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}"
}
}
MSRC_CVE-2017-11551
Vulnerability from csaf_microsoft - Published: 2017-07-02 00:00 - Updated: 2025-03-14 00:00Summary
The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2017-11551 The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2017/msrc_cve-2017-11551.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service",
"tracking": {
"current_release_date": "2025-03-14T00:00:00.000Z",
"generator": {
"date": "2025-10-19T17:11:23.903Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2017-11551",
"initial_release_date": "2017-07-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-03-14T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "16817"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 libid3tag 0.16.3-7",
"product": {
"name": "\u003cazl3 libid3tag 0.16.3-7",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 libid3tag 0.16.3-7",
"product": {
"name": "azl3 libid3tag 0.16.3-7",
"product_id": "16892"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 libid3tag 0.15.1b-33",
"product": {
"name": "\u003ccbl2 libid3tag 0.15.1b-33",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "cbl2 libid3tag 0.15.1b-33",
"product": {
"name": "cbl2 libid3tag 0.15.1b-33",
"product_id": "16891"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 libid3tag 0.16.3-7",
"product": {
"name": "\u003cazl3 libid3tag 0.16.3-7",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "azl3 libid3tag 0.16.3-7",
"product": {
"name": "azl3 libid3tag 0.16.3-7",
"product_id": "16892"
}
}
],
"category": "product_name",
"name": "libid3tag"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 libid3tag 0.16.3-7 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 libid3tag 0.16.3-7 as a component of Azure Linux 3.0",
"product_id": "16892-17084"
},
"product_reference": "16892",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 libid3tag 0.15.1b-33 as a component of CBL Mariner 2.0",
"product_id": "17086-3"
},
"product_reference": "3",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 libid3tag 0.15.1b-33 as a component of CBL Mariner 2.0",
"product_id": "16891-17086"
},
"product_reference": "16891",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 libid3tag 0.16.3-7 as a component of Azure Linux 3.0",
"product_id": "16817-2"
},
"product_reference": "2",
"relates_to_product_reference": "16817"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 libid3tag 0.16.3-7 as a component of Azure Linux 3.0",
"product_id": "16892-16817"
},
"product_reference": "16892",
"relates_to_product_reference": "16817"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-11551",
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"16892-17084",
"16891-17086",
"16892-16817"
],
"known_affected": [
"17084-1",
"17086-3",
"16817-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2017-11551 The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2017/msrc_cve-2017-11551.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-14T00:00:00.000Z",
"details": "0.16.3-7:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-1",
"16817-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-03-14T00:00:00.000Z",
"details": "0.15.1b-33:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-3"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"17084-1",
"17086-3",
"16817-2"
]
}
],
"title": "The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service"
}
]
}
SUSE-SU-2018:0715-1
Vulnerability from csaf_suse - Published: 2018-03-16 15:31 - Updated: 2018-03-16 15:31Summary
Security update for libid3tag
Notes
Title of the patch
Security update for libid3tag
Description of the patch
This update for libid3tag fixes the following issues:
- CVE-2004-2779 CVE-2017-11551: Fixed id3_utf16_deserialize() in utf16.c,
which previously misparsed ID3v2 tags encoded in UTF-16 with an odd
number of bytes, triggering an endless loop allocating memory until
OOM leading to DoS. (bsc#1081959 bsc#1081961)
- CVE-2017-11550 CVE-2008-2109: Fixed the handling of unknown
encodings when parsing ID3 tags. (bsc#1081962 bsc#387731)
Patchnames
sdksp4-libid3tag-13517
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libid3tag",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libid3tag fixes the following issues:\n\n- CVE-2004-2779 CVE-2017-11551: Fixed id3_utf16_deserialize() in utf16.c,\n which previously misparsed ID3v2 tags encoded in UTF-16 with an odd\n number of bytes, triggering an endless loop allocating memory until\n OOM leading to DoS. (bsc#1081959 bsc#1081961)\n- CVE-2017-11550 CVE-2008-2109: Fixed the handling of unknown\n encodings when parsing ID3 tags. (bsc#1081962 bsc#387731)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sdksp4-libid3tag-13517",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_0715-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:0715-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180715-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:0715-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-March/003820.html"
},
{
"category": "self",
"summary": "SUSE Bug 1081959",
"url": "https://bugzilla.suse.com/1081959"
},
{
"category": "self",
"summary": "SUSE Bug 1081961",
"url": "https://bugzilla.suse.com/1081961"
},
{
"category": "self",
"summary": "SUSE Bug 1081962",
"url": "https://bugzilla.suse.com/1081962"
},
{
"category": "self",
"summary": "SUSE Bug 387731",
"url": "https://bugzilla.suse.com/387731"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2004-2779 page",
"url": "https://www.suse.com/security/cve/CVE-2004-2779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-2109 page",
"url": "https://www.suse.com/security/cve/CVE-2008-2109/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-11550 page",
"url": "https://www.suse.com/security/cve/CVE-2017-11550/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-11551 page",
"url": "https://www.suse.com/security/cve/CVE-2017-11551/"
}
],
"title": "Security update for libid3tag",
"tracking": {
"current_release_date": "2018-03-16T15:31:57Z",
"generator": {
"date": "2018-03-16T15:31:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:0715-1",
"initial_release_date": "2018-03-16T15:31:57Z",
"revision_history": [
{
"date": "2018-03-16T15:31:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libid3tag-0.15.1b-132.3.1.i586",
"product": {
"name": "libid3tag-0.15.1b-132.3.1.i586",
"product_id": "libid3tag-0.15.1b-132.3.1.i586"
}
},
{
"category": "product_version",
"name": "libid3tag-devel-0.15.1b-132.3.1.i586",
"product": {
"name": "libid3tag-devel-0.15.1b-132.3.1.i586",
"product_id": "libid3tag-devel-0.15.1b-132.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libid3tag-0.15.1b-132.3.1.ia64",
"product": {
"name": "libid3tag-0.15.1b-132.3.1.ia64",
"product_id": "libid3tag-0.15.1b-132.3.1.ia64"
}
},
{
"category": "product_version",
"name": "libid3tag-devel-0.15.1b-132.3.1.ia64",
"product": {
"name": "libid3tag-devel-0.15.1b-132.3.1.ia64",
"product_id": "libid3tag-devel-0.15.1b-132.3.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "libid3tag-0.15.1b-132.3.1.ppc64",
"product": {
"name": "libid3tag-0.15.1b-132.3.1.ppc64",
"product_id": "libid3tag-0.15.1b-132.3.1.ppc64"
}
},
{
"category": "product_version",
"name": "libid3tag-devel-0.15.1b-132.3.1.ppc64",
"product": {
"name": "libid3tag-devel-0.15.1b-132.3.1.ppc64",
"product_id": "libid3tag-devel-0.15.1b-132.3.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "libid3tag-0.15.1b-132.3.1.s390x",
"product": {
"name": "libid3tag-0.15.1b-132.3.1.s390x",
"product_id": "libid3tag-0.15.1b-132.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libid3tag-devel-0.15.1b-132.3.1.s390x",
"product": {
"name": "libid3tag-devel-0.15.1b-132.3.1.s390x",
"product_id": "libid3tag-devel-0.15.1b-132.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libid3tag-0.15.1b-132.3.1.x86_64",
"product": {
"name": "libid3tag-0.15.1b-132.3.1.x86_64",
"product_id": "libid3tag-0.15.1b-132.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libid3tag-devel-0.15.1b-132.3.1.x86_64",
"product": {
"name": "libid3tag-devel-0.15.1b-132.3.1.x86_64",
"product_id": "libid3tag-devel-0.15.1b-132.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-0.15.1b-132.3.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.i586"
},
"product_reference": "libid3tag-0.15.1b-132.3.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-0.15.1b-132.3.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ia64"
},
"product_reference": "libid3tag-0.15.1b-132.3.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-0.15.1b-132.3.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ppc64"
},
"product_reference": "libid3tag-0.15.1b-132.3.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-0.15.1b-132.3.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.s390x"
},
"product_reference": "libid3tag-0.15.1b-132.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-0.15.1b-132.3.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.x86_64"
},
"product_reference": "libid3tag-0.15.1b-132.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-devel-0.15.1b-132.3.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.i586"
},
"product_reference": "libid3tag-devel-0.15.1b-132.3.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-devel-0.15.1b-132.3.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ia64"
},
"product_reference": "libid3tag-devel-0.15.1b-132.3.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-devel-0.15.1b-132.3.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ppc64"
},
"product_reference": "libid3tag-devel-0.15.1b-132.3.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-devel-0.15.1b-132.3.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.s390x"
},
"product_reference": "libid3tag-devel-0.15.1b-132.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-devel-0.15.1b-132.3.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.x86_64"
},
"product_reference": "libid3tag-devel-0.15.1b-132.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2004-2779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2004-2779"
}
],
"notes": [
{
"category": "general",
"text": "id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reached, leading to denial-of-service (DoS).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2004-2779",
"url": "https://www.suse.com/security/cve/CVE-2004-2779"
},
{
"category": "external",
"summary": "SUSE Bug 1081959 for CVE-2004-2779",
"url": "https://bugzilla.suse.com/1081959"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-16T15:31:57Z",
"details": "moderate"
}
],
"title": "CVE-2004-2779"
},
{
"cve": "CVE-2008-2109",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-2109"
}
],
"notes": [
{
"category": "general",
"text": "field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in \u0027\\0\u0027, which triggers an infinite loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-2109",
"url": "https://www.suse.com/security/cve/CVE-2008-2109"
},
{
"category": "external",
"summary": "SUSE Bug 387731 for CVE-2008-2109",
"url": "https://bugzilla.suse.com/387731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-16T15:31:57Z",
"details": "moderate"
}
],
"title": "CVE-2008-2109"
},
{
"cve": "CVE-2017-11550",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-11550"
}
],
"notes": [
{
"category": "general",
"text": "The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (NULL Pointer Dereference and application crash) via a crafted mp3 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-11550",
"url": "https://www.suse.com/security/cve/CVE-2017-11550"
},
{
"category": "external",
"summary": "SUSE Bug 1081962 for CVE-2017-11550",
"url": "https://bugzilla.suse.com/1081962"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-16T15:31:57Z",
"details": "moderate"
}
],
"title": "CVE-2017-11550"
},
{
"cve": "CVE-2017-11551",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-11551"
}
],
"notes": [
{
"category": "general",
"text": "The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-11551",
"url": "https://www.suse.com/security/cve/CVE-2017-11551"
},
{
"category": "external",
"summary": "SUSE Bug 1081961 for CVE-2017-11551",
"url": "https://bugzilla.suse.com/1081961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-0.15.1b-132.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libid3tag-devel-0.15.1b-132.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-16T15:31:57Z",
"details": "moderate"
}
],
"title": "CVE-2017-11551"
}
]
}
SUSE-SU-2018:0722-1
Vulnerability from csaf_suse - Published: 2018-03-16 15:32 - Updated: 2018-03-16 15:32Summary
Security update for libid3tag
Notes
Title of the patch
Security update for libid3tag
Description of the patch
This update for libid3tag fixes the following issues:
- CVE-2004-2779 CVE-2017-11551: Fixed id3_utf16_deserialize() in utf16.c,
which previously misparsed ID3v2 tags encoded in UTF-16 with an odd
number of bytes, triggering an endless loop allocating memory until
OOM leading to DoS. (bsc#1081959 bsc#1081961)
- CVE-2017-11550 CVE-2008-2109: Fixed the handling of unknown
encodings when parsing ID3 tags. (bsc#1081962 bsc#387731)
Patchnames
SUSE-SLE-DESKTOP-12-SP2-2018-490,SUSE-SLE-DESKTOP-12-SP3-2018-490,SUSE-SLE-SDK-12-SP2-2018-490,SUSE-SLE-SDK-12-SP3-2018-490,SUSE-SLE-WE-12-SP2-2018-490,SUSE-SLE-WE-12-SP3-2018-490
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libid3tag",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libid3tag fixes the following issues:\n\n- CVE-2004-2779 CVE-2017-11551: Fixed id3_utf16_deserialize() in utf16.c,\n which previously misparsed ID3v2 tags encoded in UTF-16 with an odd\n number of bytes, triggering an endless loop allocating memory until\n OOM leading to DoS. (bsc#1081959 bsc#1081961)\n- CVE-2017-11550 CVE-2008-2109: Fixed the handling of unknown\n encodings when parsing ID3 tags. (bsc#1081962 bsc#387731)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP2-2018-490,SUSE-SLE-DESKTOP-12-SP3-2018-490,SUSE-SLE-SDK-12-SP2-2018-490,SUSE-SLE-SDK-12-SP3-2018-490,SUSE-SLE-WE-12-SP2-2018-490,SUSE-SLE-WE-12-SP3-2018-490",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_0722-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:0722-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180722-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:0722-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-March/003823.html"
},
{
"category": "self",
"summary": "SUSE Bug 1081959",
"url": "https://bugzilla.suse.com/1081959"
},
{
"category": "self",
"summary": "SUSE Bug 1081961",
"url": "https://bugzilla.suse.com/1081961"
},
{
"category": "self",
"summary": "SUSE Bug 1081962",
"url": "https://bugzilla.suse.com/1081962"
},
{
"category": "self",
"summary": "SUSE Bug 387731",
"url": "https://bugzilla.suse.com/387731"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2004-2779 page",
"url": "https://www.suse.com/security/cve/CVE-2004-2779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-2109 page",
"url": "https://www.suse.com/security/cve/CVE-2008-2109/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-11550 page",
"url": "https://www.suse.com/security/cve/CVE-2017-11550/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-11551 page",
"url": "https://www.suse.com/security/cve/CVE-2017-11551/"
}
],
"title": "Security update for libid3tag",
"tracking": {
"current_release_date": "2018-03-16T15:32:29Z",
"generator": {
"date": "2018-03-16T15:32:29Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:0722-1",
"initial_release_date": "2018-03-16T15:32:29Z",
"revision_history": [
{
"date": "2018-03-16T15:32:29Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libid3tag-devel-0.15.1b-184.3.1.aarch64",
"product": {
"name": "libid3tag-devel-0.15.1b-184.3.1.aarch64",
"product_id": "libid3tag-devel-0.15.1b-184.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libid3tag0-0.15.1b-184.3.1.aarch64",
"product": {
"name": "libid3tag0-0.15.1b-184.3.1.aarch64",
"product_id": "libid3tag0-0.15.1b-184.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"product": {
"name": "libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"product_id": "libid3tag-devel-0.15.1b-184.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libid3tag0-0.15.1b-184.3.1.ppc64le",
"product": {
"name": "libid3tag0-0.15.1b-184.3.1.ppc64le",
"product_id": "libid3tag0-0.15.1b-184.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libid3tag-devel-0.15.1b-184.3.1.s390x",
"product": {
"name": "libid3tag-devel-0.15.1b-184.3.1.s390x",
"product_id": "libid3tag-devel-0.15.1b-184.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libid3tag0-0.15.1b-184.3.1.s390x",
"product": {
"name": "libid3tag0-0.15.1b-184.3.1.s390x",
"product_id": "libid3tag0-0.15.1b-184.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libid3tag0-0.15.1b-184.3.1.x86_64",
"product": {
"name": "libid3tag0-0.15.1b-184.3.1.x86_64",
"product_id": "libid3tag0-0.15.1b-184.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libid3tag-devel-0.15.1b-184.3.1.x86_64",
"product": {
"name": "libid3tag-devel-0.15.1b-184.3.1.x86_64",
"product_id": "libid3tag-devel-0.15.1b-184.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Workstation Extension 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Workstation Extension 12 SP2",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-we:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Workstation Extension 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Workstation Extension 12 SP3",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-we:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag0-0.15.1b-184.3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64"
},
"product_reference": "libid3tag0-0.15.1b-184.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag0-0.15.1b-184.3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64"
},
"product_reference": "libid3tag0-0.15.1b-184.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-devel-0.15.1b-184.3.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.aarch64"
},
"product_reference": "libid3tag-devel-0.15.1b-184.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-devel-0.15.1b-184.3.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.ppc64le"
},
"product_reference": "libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-devel-0.15.1b-184.3.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.s390x"
},
"product_reference": "libid3tag-devel-0.15.1b-184.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-devel-0.15.1b-184.3.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.x86_64"
},
"product_reference": "libid3tag-devel-0.15.1b-184.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag0-0.15.1b-184.3.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.aarch64"
},
"product_reference": "libid3tag0-0.15.1b-184.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag0-0.15.1b-184.3.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.ppc64le"
},
"product_reference": "libid3tag0-0.15.1b-184.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag0-0.15.1b-184.3.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.s390x"
},
"product_reference": "libid3tag0-0.15.1b-184.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag0-0.15.1b-184.3.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP2",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64"
},
"product_reference": "libid3tag0-0.15.1b-184.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-devel-0.15.1b-184.3.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.aarch64"
},
"product_reference": "libid3tag-devel-0.15.1b-184.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-devel-0.15.1b-184.3.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.ppc64le"
},
"product_reference": "libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-devel-0.15.1b-184.3.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.s390x"
},
"product_reference": "libid3tag-devel-0.15.1b-184.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag-devel-0.15.1b-184.3.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.x86_64"
},
"product_reference": "libid3tag-devel-0.15.1b-184.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag0-0.15.1b-184.3.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.aarch64"
},
"product_reference": "libid3tag0-0.15.1b-184.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag0-0.15.1b-184.3.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.ppc64le"
},
"product_reference": "libid3tag0-0.15.1b-184.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag0-0.15.1b-184.3.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.s390x"
},
"product_reference": "libid3tag0-0.15.1b-184.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag0-0.15.1b-184.3.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64"
},
"product_reference": "libid3tag0-0.15.1b-184.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag0-0.15.1b-184.3.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 12 SP2",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64"
},
"product_reference": "libid3tag0-0.15.1b-184.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libid3tag0-0.15.1b-184.3.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 12 SP3",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64"
},
"product_reference": "libid3tag0-0.15.1b-184.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2004-2779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2004-2779"
}
],
"notes": [
{
"category": "general",
"text": "id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reached, leading to denial-of-service (DoS).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2004-2779",
"url": "https://www.suse.com/security/cve/CVE-2004-2779"
},
{
"category": "external",
"summary": "SUSE Bug 1081959 for CVE-2004-2779",
"url": "https://bugzilla.suse.com/1081959"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-16T15:32:29Z",
"details": "moderate"
}
],
"title": "CVE-2004-2779"
},
{
"cve": "CVE-2008-2109",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-2109"
}
],
"notes": [
{
"category": "general",
"text": "field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in \u0027\\0\u0027, which triggers an infinite loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-2109",
"url": "https://www.suse.com/security/cve/CVE-2008-2109"
},
{
"category": "external",
"summary": "SUSE Bug 387731 for CVE-2008-2109",
"url": "https://bugzilla.suse.com/387731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-16T15:32:29Z",
"details": "moderate"
}
],
"title": "CVE-2008-2109"
},
{
"cve": "CVE-2017-11550",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-11550"
}
],
"notes": [
{
"category": "general",
"text": "The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (NULL Pointer Dereference and application crash) via a crafted mp3 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-11550",
"url": "https://www.suse.com/security/cve/CVE-2017-11550"
},
{
"category": "external",
"summary": "SUSE Bug 1081962 for CVE-2017-11550",
"url": "https://bugzilla.suse.com/1081962"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-16T15:32:29Z",
"details": "moderate"
}
],
"title": "CVE-2017-11550"
},
{
"cve": "CVE-2017-11551",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-11551"
}
],
"notes": [
{
"category": "general",
"text": "The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-11551",
"url": "https://www.suse.com/security/cve/CVE-2017-11551"
},
{
"category": "external",
"summary": "SUSE Bug 1081961 for CVE-2017-11551",
"url": "https://bugzilla.suse.com/1081961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag-devel-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP2:libid3tag0-0.15.1b-184.3.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP3:libid3tag0-0.15.1b-184.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-16T15:32:29Z",
"details": "moderate"
}
],
"title": "CVE-2017-11551"
}
]
}
FKIE_CVE-2017-11551
Vulnerability from fkie_nvd - Published: 2017-07-31 13:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2017/Jul/85 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2017/Jul/85 | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libid3tag_project | libid3tag | 0.15.1b |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libid3tag_project:libid3tag:0.15.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BB7DF5-C4CE-4865-B9B2-5C5097F24F46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file."
},
{
"lang": "es",
"value": "La funci\u00f3n id3_field_parse en el archivo field.c en libid3tag versi\u00f3n 0.15.1b, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (OOM) por medio de un archivo MP3 creado."
}
],
"id": "CVE-2017-11551",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-31T13:29:01.533",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Jul/85"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Jul/85"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-332H-96GG-2P6G
Vulnerability from github – Published: 2022-05-17 02:20 – Updated: 2022-05-17 02:20
VLAI?
Details
The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file.
Severity ?
5.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2017-11551"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-31T13:29:00Z",
"severity": "MODERATE"
},
"details": "The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file.",
"id": "GHSA-332h-96gg-2p6g",
"modified": "2022-05-17T02:20:37Z",
"published": "2022-05-17T02:20:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11551"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2017/Jul/85"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2017-11551
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-11551",
"description": "The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file.",
"id": "GSD-2017-11551",
"references": [
"https://www.suse.com/security/cve/CVE-2017-11551.html",
"https://advisories.mageia.org/CVE-2017-11551.html",
"https://security.archlinux.org/CVE-2017-11551"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-11551"
],
"details": "The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file.",
"id": "GSD-2017-11551",
"modified": "2023-12-13T01:21:15.456473Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Jul/85",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Jul/85"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:libid3tag_project:libid3tag:0.15.1b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11551"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Jul/85",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2017/Jul/85"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2017-08-02T18:20Z",
"publishedDate": "2017-07-31T13:29Z"
}
}
}
CNVD-2017-19548
Vulnerability from cnvd - Published: 2017-08-08
VLAI Severity ?
Title
libid3tag 'id3_field_parse'函数拒绝服务漏洞
Description
libid3tag是MPEG音频解码器MAD中所捆绑的ID3标签操控库。
libid3tag 0.15.1b版本中的field.c文件的'id3_field_parse'函数存在安全漏洞。远程攻击者可借助特制的MP3文件利用该漏洞造成拒绝服务。
Severity
中
Formal description
目前厂商暂未发布修复措施解决此安全问题,建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法: https://github.com/markjeee/libid3tag
Reference
http://seclists.org/fulldisclosure/2017/Jul/85
Impacted products
| Name | libid3tag libid3tag 0.15.1b |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-11551",
"cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11551"
}
},
"description": "libid3tag\u662fMPEG\u97f3\u9891\u89e3\u7801\u5668MAD\u4e2d\u6240\u6346\u7ed1\u7684ID3\u6807\u7b7e\u64cd\u63a7\u5e93\u3002\r\n\r\nlibid3tag 0.15.1b\u7248\u672c\u4e2d\u7684field.c\u6587\u4ef6\u7684\u0027id3_field_parse\u0027\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684MP3\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
"discovererName": "qflb.wu",
"formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://github.com/markjeee/libid3tag",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-19548",
"openTime": "2017-08-08",
"products": {
"product": "libid3tag libid3tag 0.15.1b"
},
"referenceLink": "http://seclists.org/fulldisclosure/2017/Jul/85",
"serverity": "\u4e2d",
"submitTime": "2017-08-03",
"title": "libid3tag \u0027id3_field_parse\u0027\u51fd\u6570\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…