CVE-2004-1302

2004-12-2205:00:00

mitre

www.cve.org

AI Score

7.5

Confidence

Low

EPSS

0.048

Percentile

92.7%

JSON

The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote attackers to execute arbitrary commands via an MP3 file with double quotes in the Artist tag.

References

rpmfind.net/linux/RPM/suse/updates/8.2/i386/rpm/i586/yamt-0.5-1277.i586.html

secunia.com/advisories/13554

securitytracker.com/id?1012583

tigger.uic.edu/~jlongs2/holes/yamt.txt

www.securityfocus.com/bid/11999

exchange.xforce.ibmcloud.com/vulnerabilities/18614