libid3tag-devel-0.15.1b-188.15 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10948 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libid3tag-devel-0.15.1b-188.15 on GA media These are all security issues fixed in the libid3tag-devel-0.15.1b-188.15 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10948 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10948 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2004-2779/ SUSE CVE CVE-2004-2779 page https://www.suse.com/security/cve/CVE-2017-11550/ SUSE CVE CVE-2017-11550 page openSUSE Tumbleweed libid3tag-devel-0.15.1b-188.15 libid3tag0-0.15.1b-188.15 libid3tag0-32bit-0.15.1b-188.15 libid3tag-devel-0.15.1b-188.15 as a component of openSUSE Tumbleweed libid3tag0-0.15.1b-188.15 as a component of openSUSE Tumbleweed libid3tag0-32bit-0.15.1b-188.15 as a component of openSUSE Tumbleweed id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reached, leading to denial-of-service (DoS). CVE-2004-2779 openSUSE Tumbleweed:libid3tag-devel-0.15.1b-188.15 openSUSE Tumbleweed:libid3tag0-0.15.1b-188.15 openSUSE Tumbleweed:libid3tag0-32bit-0.15.1b-188.15 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2004-2779.html CVE-2004-2779 https://bugzilla.suse.com/1081959 SUSE Bug 1081959 The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (NULL Pointer Dereference and application crash) via a crafted mp3 file. CVE-2017-11550 openSUSE Tumbleweed:libid3tag-devel-0.15.1b-188.15 openSUSE Tumbleweed:libid3tag0-0.15.1b-188.15 openSUSE Tumbleweed:libid3tag0-32bit-0.15.1b-188.15 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-11550.html CVE-2017-11550 https://bugzilla.suse.com/1081962 SUSE Bug 1081962