SB2020030807 - Input validation error in id3lib (Alpine package)
Published: March 8, 2020
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2007-4460)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file whose name is constructed from the name of a file being tagged.
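The pattern described above, a temporary file whose name is derived from the file being processed, is shown below next to a hardened form. This is an added example, not id3lib code; the function names, the `.tmp` suffix and the scratch-directory scenario are constructed for illustration.

```cpp
#include <cstdio>
#include <cstdlib>
#include <string>
#include <vector>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

// Weak pattern: the temp name is derived from the target name, so it is
// predictable, and a plain open() follows a symlink already present there.
int open_temp_predictable(const std::string& target) {
    std::string tmp = target + ".tmp";
    return open(tmp.c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

// Hardened pattern: mkstemp() picks an unpredictable name and creates it with
// O_CREAT|O_EXCL, so an existing file or symlink is never opened.
int open_temp_safe(const std::string& target, std::string& tmp_out) {
    std::string tmpl = target + ".XXXXXX";
    std::vector<char> buf(tmpl.begin(), tmpl.end());
    buf.push_back('\0');
    int fd = mkstemp(buf.data());
    if (fd >= 0) tmp_out.assign(buf.data());
    return fd;
}

// Constructed scenario in a private scratch directory: a symlink at the
// predictable name points at "victim". Returns victim's size after the write.
long victim_size_after(bool use_safe) {
    char dir[] = "/tmp/symlink_demo.XXXXXX";
    if (!mkdtemp(dir)) return -1;
    std::string d(dir), victim = d + "/victim", target = d + "/song.mp3";
    std::string planted = target + ".tmp", tmp;
    FILE* f = fopen(victim.c_str(), "w"); if (!f) return -1; fclose(f);
    if (symlink(victim.c_str(), planted.c_str()) != 0) return -1;
    int fd = use_safe ? open_temp_safe(target, tmp) : open_temp_predictable(target);
    if (fd < 0) return -1;
    if (write(fd, "tagdata", 7) != 7) { close(fd); return -1; }
    close(fd);
    struct stat st;
    long size = (stat(victim.c_str(), &st) == 0) ? (long)st.st_size : -1;
    if (use_safe) unlink(tmp.c_str());
    unlink(planted.c_str()); unlink(victim.c_str()); rmdir(dir);
    return size;
}
int main() {
    printf("weak: %ld, safe: %ld\n", victim_size_after(false), victim_size_after(true));
}
```

With the predictable name the write lands in the file the symlink points to; with `mkstemp()` that file stays empty.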
Remediation
Install the update from the vendor's website.