High severity7.5NVD Advisory· Published Feb 20, 2018· Updated Jun 16, 2026
CVE-2004-2779
CVE-2004-2779
Description
id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reached, leading to denial-of-service (DoS).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9- Range: <=0.15.1b
- osv-coords7 versionspkg:rpm/suse/libid3tag&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/libid3tag&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/libid3tag&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/libid3tag&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/libid3tag&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/libid3tag&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP2pkg:rpm/suse/libid3tag&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3
< 0.15.1b-184.3.1+ 6 more
- (no CPE)range: < 0.15.1b-184.3.1
- (no CPE)range: < 0.15.1b-184.3.1
- (no CPE)range: < 0.15.1b-132.3.1
- (no CPE)range: < 0.15.1b-184.3.1
- (no CPE)range: < 0.15.1b-184.3.1
- (no CPE)range: < 0.15.1b-184.3.1
- (no CPE)range: < 0.15.1b-184.3.1
Patches
Vulnerability mechanics
References
3- sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch/nvdPatchThird Party Advisory
- bugs.debian.org/cgi-bin/bugreport.cginvdIssue TrackingMailing ListThird Party Advisory
- bugzilla.gnome.org/show_bug.cginvdIssue TrackingThird Party Advisory
News mentions
0No linked articles in our index yet.