ID OPENVAS:860494 Type openvas Reporter Copyright (C) 2009 Greenbone Networks GmbH Modified 2017-07-10T00:00:00
Description
Check for the Version of libid3tag
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for libid3tag FEDORA-2008-3757
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Shared include loaded before the metadata block. No helper from it is
# called by name in this script; presumably it serves the generated-check
# framework. TODO confirm against revisions-lib.inc.
include("revisions-lib.inc");
# Human-readable report fields; they are attached to the result through the
# script_tag() calls in the description block below.
# "affected" names the product and distribution release this check covers.
tag_affected = "libid3tag on Fedora 9";
# NOTE(review): "insight" holds only the generic package description. It says
# nothing about the flaw itself, so the report text will not tell the operator
# what is wrong. The issue is identified solely by script_cve_id()
# (CVE-2008-2109) and the FEDORA-2008-3757 advisory reference.
tag_insight = "libid3tag is a library for reading and (eventually) writing ID3 tags,
both ID3v1 and the various versions of ID3v2.";
# Remediation text: install the vendor's updated package.
tag_solution = "Please Install the Updated Packages.";
# Metadata registration. When `description` is set, the script only declares
# its identity, references, scoring and prerequisites, then exits before any
# check logic runs.
if(description)
{
# Vendor advisory announcing the fixed package.
script_xref(name : "URL" , value : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00159.html");
script_id(860494);
script_version("$Revision: 6623 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $");
script_tag(name:"creation_date", value:"2009-02-17 16:43:56 +0100 (Tue, 17 Feb 2009)");
# CVSS v2 base score and vector: network reachable, low complexity, no
# authentication, availability impact only (C:N/I:N/A:P).
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
# Cross-references used to correlate this result with the Fedora advisory
# and the CVE entry.
script_xref(name: "FEDORA", value: "2008-3757");
script_cve_id("CVE-2008-2109");
script_name( "Fedora Update for libid3tag FEDORA-2008-3757");
script_summary("Check for the Version of libid3tag");
# Declared as an information-gathering check.
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
# Prerequisites: gather-package-list.nasl must have run, and the two KB keys
# below must exist. Presumably they are set only after an authenticated SSH
# login that collected the RPM list, so an unauthenticated scan would not run
# this check at all. TODO confirm against gather-package-list.nasl.
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
# qod_type "package": the verdict comes from comparing package versions, not
# from exercising the flaw. NOTE(review): a locally built or otherwise
# modified package could therefore be misjudged in either direction.
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
# Stop here in description mode; nothing below is executed.
exit(0);
}
# Check logic: compare the installed libid3tag RPM on a Fedora 9 host against
# the package version named in the check below.
# Presumably provides isrpmvuln() and the __pkg_match flag used below;
# neither is defined in this file. TODO confirm against pkg-lib-rpm.inc.
include("pkg-lib-rpm.inc");
# Distribution release string stored in the knowledge base by an earlier
# script.
release = get_kb_item("ssh/login/release");
res = "";
# No release information: exit without reporting. exit(0) produces no result,
# so the host is left unassessed by this check; that is not the same as the
# explicit "not vulnerable" exit(99) further down.
if(release == NULL){
exit(0);
}
# Only Fedora 9 is handled. Any other release falls through to the end of the
# script and produces no result.
if(release == "FC9")
{
# isrpmvuln() is given the package name, a reference build
# (libid3tag 0.15.1b-6.fc9) and the release. A non-NULL return is used as the
# report text; presumably it is returned when the installed build is older
# than the reference. TODO confirm against pkg-lib-rpm.inc.
if ((res = isrpmvuln(pkg:"libid3tag", rpm:"libid3tag~0.15.1b~6.fc9", rls:"FC9")) != NULL)
{
# Report the finding and stop.
security_message(data:res);
exit(0);
}
# __pkg_match is not set in this file; presumably the include sets it when
# the package was found installed. In that case the host is reported as
# explicitly not vulnerable.
if (__pkg_match) exit(99); # Not vulnerable.
# Package not matched: exit without a result.
exit(0);
}
{"id": "OPENVAS:860494", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for libid3tag FEDORA-2008-3757", "description": "Check for the Version of libid3tag", "published": "2009-02-17T00:00:00", "modified": "2017-07-10T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860494", "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00159.html", "2008-3757"], "cvelist": ["CVE-2008-2109"], "lastseen": "2017-07-25T10:56:26", "viewCount": 0, "enchantments": {"score": {"value": 6.0, "vector": "NONE", "modified": "2017-07-25T10:56:26", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-3757", "CVE-2008-2109"]}, {"type": "openvas", "idList": ["OPENVAS:860803", "OPENVAS:830656", "OPENVAS:1361412562310830656", "OPENVAS:61049", "OPENVAS:860382"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8998", "SECURITYVULNS:DOC:19849"]}, {"type": "gentoo", "idList": ["GLSA-200805-15"]}, {"type": "seebug", "idList": ["SSV:3307"]}, {"type": "nessus", "idList": ["FEDORA_2008-3976.NASL", "MANDRIVA_MDVSA-2008-103.NASL", "GENTOO_GLSA-200805-15.NASL", "OPENSUSE-2018-277.NASL", "FEDORA_2008-3757.NASL", "SUSE_SU-2018-0722-1.NASL", "FEDORA_2008-3874.NASL"]}, {"type": "fedora", "idList": ["FEDORA:M4DFOADO023734", "FEDORA:M4EMDPY1000933", "FEDORA:M4ELWQO3031761"]}], "modified": "2017-07-25T10:56:26", "rev": 2}, "vulnersScore": 6.0}, "pluginID": "860494", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libid3tag FEDORA-2008-3757\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of 
the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"libid3tag on Fedora 9\";\ntag_insight = \"libid3tag is a library for reading and (eventually) writing ID3 tags,\n both ID3v1 and the various versions of ID3v2.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00159.html\");\n script_id(860494);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:43:56 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2008-3757\");\n script_cve_id(\"CVE-2008-2109\");\n script_name( \"Fedora Update for libid3tag FEDORA-2008-3757\");\n\n script_summary(\"Check for the Version of libid3tag\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , 
value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"libid3tag\", rpm:\"libid3tag~0.15.1b~6.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "naslFamily": "Fedora Local Security Checks"}
{"cve": [{"lastseen": "2021-02-02T05:35:13", "description": "field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\\0', which triggers an infinite loop.", "edition": 4, "cvss3": {}, "published": "2008-05-07T21:20:00", "title": "CVE-2008-2109", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2109"], "modified": "2017-08-08T01:30:00", "cpe": ["cpe:/a:media-libs:libid3tag:0.15.0b"], "id": "CVE-2008-2109", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2109", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:media-libs:libid3tag:0.15.0b:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-24T12:56:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2109"], "description": "Check for the Version of libid3tag", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:830656", "href": "http://plugins.openvas.org/nasl.php?oid=830656", "type": "openvas", "title": "Mandriva Update for libid3tag MDVSA-2008:103 (libid3tag)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libid3tag MDVSA-2008:103 (libid3tag)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free 
software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"field.c in the libid3tag 0.15.0b library allows context-dependent\n attackers to cause a denial of service (CPU and memory consumption)\n via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\\0', which\n triggers an infinite loop.\n\n The updated packages have been patched to correct this.\";\n\ntag_affected = \"libid3tag on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-05/msg00021.php\");\n script_id(830656);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:103\");\n script_cve_id(\"CVE-2008-2109\");\n script_name( \"Mandriva Update for libid3tag MDVSA-2008:103 (libid3tag)\");\n\n 
script_summary(\"Check for the Version of libid3tag\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libid3tag0\", rpm:\"libid3tag0~0.15.1b~6.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libid3tag0-devel\", rpm:\"libid3tag0-devel~0.15.1b~6.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libid3tag\", rpm:\"libid3tag~0.15.1b~6.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64id3tag0\", rpm:\"lib64id3tag0~0.15.1b~6.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64id3tag0-devel\", rpm:\"lib64id3tag0-devel~0.15.1b~6.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libid3tag0\", rpm:\"libid3tag0~0.15.1b~6.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"libid3tag-devel\", rpm:\"libid3tag-devel~0.15.1b~6.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libid3tag\", rpm:\"libid3tag~0.15.1b~6.1mdv2008.0\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64id3tag0\", rpm:\"lib64id3tag0~0.15.1b~6.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64id3tag-devel\", rpm:\"lib64id3tag-devel~0.15.1b~6.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:38:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2109"], "description": "Check for the Version of libid3tag", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:1361412562310830656", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830656", "type": "openvas", "title": "Mandriva Update for libid3tag MDVSA-2008:103 (libid3tag)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libid3tag MDVSA-2008:103 (libid3tag)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"field.c in the libid3tag 0.15.0b library allows context-dependent\n attackers to cause a denial of service (CPU and memory consumption)\n via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\\0', which\n triggers an infinite loop.\n\n The updated packages have been patched to correct this.\";\n\ntag_affected = \"libid3tag on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-05/msg00021.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830656\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:103\");\n script_cve_id(\"CVE-2008-2109\");\n script_name( \"Mandriva Update for libid3tag MDVSA-2008:103 (libid3tag)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of libid3tag\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", 
\"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libid3tag0\", rpm:\"libid3tag0~0.15.1b~6.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libid3tag0-devel\", rpm:\"libid3tag0-devel~0.15.1b~6.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libid3tag\", rpm:\"libid3tag~0.15.1b~6.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64id3tag0\", rpm:\"lib64id3tag0~0.15.1b~6.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64id3tag0-devel\", rpm:\"lib64id3tag0-devel~0.15.1b~6.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libid3tag0\", rpm:\"libid3tag0~0.15.1b~6.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libid3tag-devel\", rpm:\"libid3tag-devel~0.15.1b~6.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libid3tag\", rpm:\"libid3tag~0.15.1b~6.1mdv2008.0\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"lib64id3tag0\", rpm:\"lib64id3tag0~0.15.1b~6.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64id3tag-devel\", rpm:\"lib64id3tag-devel~0.15.1b~6.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2109"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200805-15.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:61049", "href": "http://plugins.openvas.org/nasl.php?oid=61049", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200805-15 (libid3tag)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A Denial of Service vulnerability was found in libid3tag.\";\ntag_solution = \"All libid3tag users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/libid3tag-0.15.1b-r2'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200805-15\nhttp://bugs.gentoo.org/show_bug.cgi?id=210564\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200805-15.\";\n\n \n\nif(description)\n{\n script_id(61049);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2008-2109\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200805-15 (libid3tag)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-libs/libid3tag\", unaffected: make_list(\"ge 0.15.1b-r2\"), vulnerable: make_list(\"lt 0.15.1b-r2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2109"], "description": "Check for the Version of libid3tag", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860382", "href": "http://plugins.openvas.org/nasl.php?oid=860382", "type": "openvas", "title": "Fedora Update for libid3tag FEDORA-2008-3874", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libid3tag FEDORA-2008-3874\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the 
implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"libid3tag on Fedora 7\";\ntag_insight = \"libid3tag is a library for reading and (eventually) writing ID3 tags,\n both ID3v1 and the various versions of ID3v2.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00234.html\");\n script_id(860382);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:43:56 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2008-3874\");\n script_cve_id(\"CVE-2008-2109\");\n script_name( \"Fedora Update for libid3tag FEDORA-2008-3874\");\n\n script_summary(\"Check for the Version of libid3tag\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"libid3tag\", rpm:\"libid3tag~0.15.1b~5.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2109"], "description": "Check for the Version of libid3tag", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860803", "href": "http://plugins.openvas.org/nasl.php?oid=860803", "type": "openvas", "title": "Fedora Update for libid3tag FEDORA-2008-3976", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libid3tag FEDORA-2008-3976\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"libid3tag on Fedora 8\";\ntag_insight = \"libid3tag is a library for reading and (eventually) writing ID3 tags,\n both ID3v1 and the various versions of ID3v2.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00281.html\");\n script_id(860803);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:43:56 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2008-3976\");\n script_cve_id(\"CVE-2008-2109\");\n script_name( \"Fedora Update for libid3tag FEDORA-2008-3976\");\n\n script_summary(\"Check for the Version of libid3tag\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease 
= get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"libid3tag\", rpm:\"libid3tag~0.15.1b~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:29", "bulletinFamily": "software", "cvelist": ["CVE-2008-2109"], "description": "Endless loop on MP3 files parsing.", "edition": 1, "modified": "2008-05-14T00:00:00", "published": "2008-05-14T00:00:00", "id": "SECURITYVULNS:VULN:8998", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8998", "title": "libid3tag library endless loop", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:26", "bulletinFamily": "software", "cvelist": ["CVE-2008-2109"], "description": "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200805-15\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: Normal\r\n Title: libid3tag: Denial of Service\r\n Date: May 14, 2008\r\n Bugs: #210564\r\n ID: 200805-15\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nA Denial of Service vulnerability was found in libid3tag.\r\n\r\nBackground\r\n==========\r\n\r\nlibid3tag is an ID3 tag manipulation library.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 media-libs/libid3tag < 
0.15.1b-r2 >= 0.15.1b-r2\r\n\r\nDescription\r\n===========\r\n\r\nKentaro Oda reported an infinite loop in the file field.c when parsing\r\nan MP3 file with an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0'.\r\n\r\nImpact\r\n======\r\n\r\nA remote attacker could entice a user to open a specially crafted MP3\r\nfile, possibly resulting in a Denial of Service.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll libid3tag users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=media-libs/libid3tag-0.15.1b-r2"\r\n\r\nReferences\r\n==========\r\n\r\n [ 1 ] CVE-2008-2109\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2109\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200805-15.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users machines is of utmost\r\nimportance to us. 
Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2008 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.5\r\n", "edition": 1, "modified": "2008-05-14T00:00:00", "published": "2008-05-14T00:00:00", "id": "SECURITYVULNS:DOC:19849", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19849", "title": "[ GLSA 200805-15 ] libid3tag: Denial of Service", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-07T11:51:52", "description": "field.c in the libid3tag 0.15.0b library allows context-dependent\nattackers to cause a denial of service (CPU and memory consumption)\nvia an ID3_FIELD_TYPE_STRINGLIST field that ends in '\\0', which\ntriggers an infinite loop.\n\nThe updated packages have been patched to correct this.", "edition": 25, "published": "2009-04-23T00:00:00", "title": "Mandriva Linux Security Advisory : libid3tag (MDVSA-2008:103)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2109"], "modified": "2009-04-23T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libid3tag0-devel", "p-cpe:/a:mandriva:linux:libid3tag0", "cpe:/o:mandriva:linux:2008.1", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:lib64id3tag0", "p-cpe:/a:mandriva:linux:lib64id3tag-devel", "p-cpe:/a:mandriva:linux:libid3tag-devel", "p-cpe:/a:mandriva:linux:lib64id3tag0-devel"], "id": "MANDRIVA_MDVSA-2008-103.NASL", "href": "https://www.tenable.com/plugins/nessus/37269", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory 
MDVSA-2008:103. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37269);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-2109\");\n script_xref(name:\"MDVSA\", value:\"2008:103\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libid3tag (MDVSA-2008:103)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"field.c in the libid3tag 0.15.0b library allows context-dependent\nattackers to cause a denial of service (CPU and memory consumption)\nvia an ID3_FIELD_TYPE_STRINGLIST field that ends in '�', which\ntriggers an infinite loop.\n\nThe updated packages have been patched to correct this.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64id3tag-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64id3tag0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64id3tag0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libid3tag-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libid3tag0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libid3tag0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:mandriva:linux:2008.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64id3tag0-0.15.1b-6.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64id3tag0-devel-0.15.1b-6.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libid3tag0-0.15.1b-6.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libid3tag0-devel-0.15.1b-6.1mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64id3tag-devel-0.15.1b-6.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64id3tag0-0.15.1b-6.1mdv2008.1\", yank:\"mdv\")) flag++;\nif 
(rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libid3tag-devel-0.15.1b-6.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libid3tag0-0.15.1b-6.1mdv2008.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:52:22", "description": "The remote host is affected by the vulnerability described in GLSA-200805-15\n(libid3tag: Denial of Service)\n\n Kentaro Oda reported an infinite loop in the file field.c when parsing\n an MP3 file with an ID3_FIELD_TYPE_STRINGLIST field that ends in '\\\\0'.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted MP3\n file, possibly resulting in a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 25, "published": "2008-05-16T00:00:00", "title": "GLSA-200805-15 : libid3tag: Denial of Service", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2109"], "modified": "2008-05-16T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:libid3tag"], "id": "GENTOO_GLSA-200805-15.NASL", "href": "https://www.tenable.com/plugins/nessus/32352", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200805-15.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32352);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-2109\");\n script_xref(name:\"GLSA\", value:\"200805-15\");\n\n script_name(english:\"GLSA-200805-15 : libid3tag: Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200805-15\n(libid3tag: Denial of Service)\n\n Kentaro Oda reported an infinite loop in the file field.c when parsing\n an MP3 file with an ID3_FIELD_TYPE_STRINGLIST field that ends in '\\\\0'.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted MP3\n file, possibly resulting in a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200805-15\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All libid3tag users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/libid3tag-0.15.1b-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:libid3tag\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/16\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/libid3tag\", unaffected:make_list(\"ge 0.15.1b-r2\"), vulnerable:make_list(\"lt 0.15.1b-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libid3tag\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:06:32", "description": " - Fri May 9 2008 Todd Zullinger <tmz at pobox.com> -\n 0.15.1b-5\n\n - fix for CVE-2008-2109 (#445812)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2008-05-16T00:00:00", "title": "Fedora 8 : libid3tag-0.15.1b-5.fc8 (2008-3976)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2109"], "modified": "2008-05-16T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libid3tag", "cpe:/o:fedoraproject:fedora:8"], "id": "FEDORA_2008-3976.NASL", "href": "https://www.tenable.com/plugins/nessus/32348", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3976.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32348);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-2109\");\n script_bugtraq_id(29210);\n script_xref(name:\"FEDORA\", value:\"2008-3976\");\n\n script_name(english:\"Fedora 8 : libid3tag-0.15.1b-5.fc8 (2008-3976)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri May 9 2008 Todd Zullinger <tmz at pobox.com> -\n 0.15.1b-5\n\n - fix for CVE-2008-2109 (#445812)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=445812\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-May/009933.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7483b9cd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libid3tag package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libid3tag\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"libid3tag-0.15.1b-5.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libid3tag\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:06:31", "description": " - Fri May 9 2008 Todd Zullinger <tmz at pobox.com> -\n 0.15.1b-6\n\n - fix for CVE-2008-2109 (#445812)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2008-05-16T00:00:00", "title": "Fedora 9 : libid3tag-0.15.1b-6.fc9 (2008-3757)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2109"], "modified": "2008-05-16T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libid3tag", "cpe:/o:fedoraproject:fedora:9"], "id": "FEDORA_2008-3757.NASL", "href": "https://www.tenable.com/plugins/nessus/32332", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3757.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32332);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-2109\");\n script_xref(name:\"FEDORA\", value:\"2008-3757\");\n\n script_name(english:\"Fedora 9 : libid3tag-0.15.1b-6.fc9 (2008-3757)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri May 9 2008 Todd Zullinger <tmz at pobox.com> -\n 0.15.1b-6\n\n - fix for CVE-2008-2109 (#445812)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=445812\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-May/009811.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f9d7b36d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libid3tag package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libid3tag\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"libid3tag-0.15.1b-6.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libid3tag\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:06:31", "description": " - Bug #445812 - CVE-2008-2109 libid3tag: infinite loop in\n ID3_FIELD_TYPE_STRINGLIST parsing\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2008-05-16T00:00:00", "title": "Fedora 7 : libid3tag-0.15.1b-5.fc7 (2008-3874)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2109"], "modified": "2008-05-16T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libid3tag", "cpe:/o:fedoraproject:fedora:7"], "id": "FEDORA_2008-3874.NASL", "href": "https://www.tenable.com/plugins/nessus/32336", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-3874.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32336);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-2109\");\n script_bugtraq_id(29210);\n script_xref(name:\"FEDORA\", value:\"2008-3874\");\n\n script_name(english:\"Fedora 7 : libid3tag-0.15.1b-5.fc7 (2008-3874)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Bug #445812 - CVE-2008-2109 libid3tag: infinite loop in\n ID3_FIELD_TYPE_STRINGLIST parsing\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=445812\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-May/009886.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6559c965\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libid3tag package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libid3tag\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"libid3tag-0.15.1b-5.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libid3tag\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-29T14:05:43", "description": "This update for libid3tag fixes the following issues :\n\n - CVE-2004-2779 CVE-2017-11551: Fixed\n id3_utf16_deserialize() in utf16.c, which previously\n misparsed ID3v2 tags encoded in UTF-16 with an odd\n number of bytes, triggering an endless loop allocating\n memory until OOM leading to DoS. 
(bsc#1081959\n bsc#1081961)\n\n - CVE-2017-11550 CVE-2008-2109: Fixed the handling of\n unknown encodings when parsing ID3 tags. (bsc#1081962\n bsc#387731)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-03-19T00:00:00", "title": "SUSE SLED12 Security Update : libid3tag (SUSE-SU-2018:0722-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-2779", "CVE-2017-11550", "CVE-2017-11551", "CVE-2008-2109"], "modified": "2018-03-19T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:libid3tag0-debuginfo", "p-cpe:/a:novell:suse_linux:libid3tag-debugsource", "p-cpe:/a:novell:suse_linux:libid3tag0"], "id": "SUSE_SU-2018-0722-1.NASL", "href": "https://www.tenable.com/plugins/nessus/108452", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0722-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108452);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/28\");\n\n script_cve_id(\"CVE-2004-2779\", \"CVE-2008-2109\", \"CVE-2017-11550\", \"CVE-2017-11551\");\n script_bugtraq_id(29210);\n\n script_name(english:\"SUSE SLED12 Security Update : libid3tag (SUSE-SU-2018:0722-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libid3tag fixes the following issues 
:\n\n - CVE-2004-2779 CVE-2017-11551: Fixed\n id3_utf16_deserialize() in utf16.c, which previously\n misparsed ID3v2 tags encoded in UTF-16 with an odd\n number of bytes, triggering an endless loop allocating\n memory until OOM leading to DoS. (bsc#1081959\n bsc#1081961)\n\n - CVE-2017-11550 CVE-2008-2109: Fixed the handling of\n unknown encodings when parsing ID3 tags. (bsc#1081962\n bsc#387731)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1081959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1081961\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1081962\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=387731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2004-2779/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2008-2109/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11550/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11551/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180722-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f4a3a3ac\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 
12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2018-490=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2018-490=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-490=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2018-490=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-490=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2018-490=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:X/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libid3tag-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libid3tag0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libid3tag0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/05/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and 
is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libid3tag-debugsource-0.15.1b-184.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libid3tag0-0.15.1b-184.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libid3tag0-debuginfo-0.15.1b-184.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libid3tag-debugsource-0.15.1b-184.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libid3tag0-0.15.1b-184.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libid3tag0-debuginfo-0.15.1b-184.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libid3tag\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T12:36:23", "description": "This update for libid3tag fixes the following issues :\n\n - CVE-2004-2779 CVE-2017-11551: Fixed\n id3_utf16_deserialize() in utf16.c, which previously\n misparsed ID3v2 tags encoded in UTF-16 with an odd\n number of bytes, triggering an endless loop allocating\n memory until OOM leading to DoS. (bsc#1081959\n bsc#1081961)\n\n - CVE-2017-11550 CVE-2008-2109: Fixed the handling of\n unknown encodings when parsing ID3 tags. 
(bsc#1081962\n bsc#387731)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "edition": 17, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-03-19T00:00:00", "title": "openSUSE Security Update : libid3tag (openSUSE-2018-277)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-2779", "CVE-2017-11550", "CVE-2017-11551", "CVE-2008-2109"], "modified": "2018-03-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libid3tag0-debuginfo", "p-cpe:/a:novell:opensuse:libid3tag-devel", "p-cpe:/a:novell:opensuse:libid3tag0-32bit", "p-cpe:/a:novell:opensuse:libid3tag-debugsource", "p-cpe:/a:novell:opensuse:libid3tag0", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:libid3tag0-debuginfo-32bit"], "id": "OPENSUSE-2018-277.NASL", "href": "https://www.tenable.com/plugins/nessus/108441", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-277.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108441);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2004-2779\", \"CVE-2008-2109\", \"CVE-2017-11550\", \"CVE-2017-11551\");\n\n script_name(english:\"openSUSE Security Update : libid3tag (openSUSE-2018-277)\");\n script_summary(english:\"Check for the openSUSE-2018-277 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libid3tag fixes the following issues :\n\n - CVE-2004-2779 CVE-2017-11551: Fixed\n id3_utf16_deserialize() in utf16.c, which previously\n misparsed ID3v2 tags encoded in UTF-16 
with an odd\n number of bytes, triggering an endless loop allocating\n memory until OOM leading to DoS. (bsc#1081959\n bsc#1081961)\n\n - CVE-2017-11550 CVE-2008-2109: Fixed the handling of\n unknown encodings when parsing ID3 tags. (bsc#1081962\n bsc#387731)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1081959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1081961\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1081962\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=387731\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libid3tag packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libid3tag-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libid3tag-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libid3tag0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libid3tag0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libid3tag0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libid3tag0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/19\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libid3tag-debugsource-0.15.1b-188.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libid3tag-devel-0.15.1b-188.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libid3tag0-0.15.1b-188.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libid3tag0-debuginfo-0.15.1b-188.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libid3tag0-32bit-0.15.1b-188.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libid3tag0-debuginfo-32bit-0.15.1b-188.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"libid3tag-debugsource / libid3tag-devel / libid3tag0 / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:08", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2109"], "description": "### Background\n\nlibid3tag is an ID3 tag manipulation library. \n\n### Description\n\nKentaro Oda reported an infinite loop in the file field.c when parsing an MP3 file with an ID3_FIELD_TYPE_STRINGLIST field that ends in '\\0'. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted MP3 file, possibly resulting in a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll libid3tag users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/libid3tag-0.15.1b-r2\"", "edition": 1, "modified": "2008-05-14T00:00:00", "published": "2008-05-14T00:00:00", "id": "GLSA-200805-15", "href": "https://security.gentoo.org/glsa/200805-15", "type": "gentoo", "title": "libid3tag: Denial of Service", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T21:46:18", "description": "BUGTRAQ ID: 29210\r\nCVE(CAN) ID: CVE-2008-2109\r\n\r\nlibid3tag\u662fMPEG\u97f3\u9891\u89e3\u7801\u5668MAD\u4e2d\u6240\u6346\u7ed1\u7684ID3\u6807\u7b7e\u64cd\u63a7\u5e93\u3002\r\n\r\nlibid3tag\u5e93\u5728\u89e3\u6790ID3_FIELD_TYPE_STRINGLIST\u5b57\u6bb5\u65f6\u5982\u679c\u6240\u8981\u89e3\u6790\u7684\u6570\u636e\u4ee5\\0\u7ed3\u5c3e\u7684\u8bdd\uff0c**ptr == 0\uff0c\u4f46end - *ptr\u6761\u4ef6\u4e3a1\uff0c\u6240\u4ee5\u5faa\u73af\u4f1a\u65e0\u9650\u7ee7\u7eed\u3002\r\n\r\n\u4ee5\u4e0b\u662f\u6709\u6f0f\u6d1e\u7684\u4ee3\u7801\u6bb5\uff1a\r\n\r\n*** field.c 2003-04-19 09:14:33.000000000 +0900\r\n--- field-patched.c 2008-01-13 16:08:22.000000000 +0900\r\n***************\r\n*** 291,297 ****\r\n\r\n end = *ptr + length;\r\n\r\n! 
while (end - *ptr > 0) {\r\n ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);\r\n if (ucs4 == 0)\r\n goto fail;\r\n--- 291,297 ----\r\n\r\n end = *ptr + length;\r\n\r\n! while (end - *ptr > 0 && **ptr != '\\0') {\r\n ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);\r\n if (ucs4 == 0)\r\n goto fail;\r\n\n\nUnderbit Technologies libid3tag 0.15.0b\n Underbit Technologies\r\n---------------------\r\n\u76ee\u524d\u5382\u5546\u8fd8\u6ca1\u6709\u63d0\u4f9b\u8865\u4e01\u6216\u8005\u5347\u7ea7\u7a0b\u5e8f\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u7684\u4e3b\u9875\u4ee5\u83b7\u53d6\u6700\u65b0\u7248\u672c\uff1a\r\n\r\n<a href=http://www.underbit.com/ target=_blank>http://www.underbit.com/</a>", "published": "2008-05-21T00:00:00", "title": "libid3tag\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-2109"], "modified": "2008-05-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3307", "id": "SSV:3307", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": ""}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2109"], "description": "libid3tag is a library for reading and (eventually) writing ID3 tags, both ID3v1 and the various versions of ID3v2. ", "modified": "2008-05-14T22:13:27", "published": "2008-05-14T22:13:27", "id": "FEDORA:M4EMDPY1000933", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: libid3tag-0.15.1b-5.fc8", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2109"], "description": "libid3tag is a library for reading and (eventually) writing ID3 tags, both ID3v1 and the various versions of ID3v2. 
", "modified": "2008-05-13T15:24:29", "published": "2008-05-13T15:24:29", "id": "FEDORA:M4DFOADO023734", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: libid3tag-0.15.1b-6.fc9", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2109"], "description": "libid3tag is a library for reading and (eventually) writing ID3 tags, both ID3v1 and the various versions of ID3v2. ", "modified": "2008-05-14T21:32:31", "published": "2008-05-14T21:32:31", "id": "FEDORA:M4ELWQO3031761", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: libid3tag-0.15.1b-5.fc7", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}