CVE-2008-2109
EPSS 7.4%
Description
field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0', which triggers an infinite loop.
How to fix CVE-2008-2109
To remediate CVE-2008-2109, upgrade the affected package to a fixed version listed below.
- Debian/libid3tag: upgrade to 0.15.1b-8 or later
Is CVE-2008-2109 being exploited?
Moderate: EPSS is 7.4%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 0.15.1b-8