libid3tag.so is vulnerable to denial of service (DoS) through out-of-memory (OOM) issues. The vulnerability exists in id3_utf16_deserialize()
of utf16.c
when parsing ID3v2
tags encoded in UTF-16
that contains an odd number of bytes, which causes an infinite loop of allocating memory.
CPE | Name | Operator | Version |
---|---|---|---|
libid3tag.so | eq | 0.3.0 |