VDB
CVE-2006-4197
CVE-2006-4197
PUBLISHED
CVSS 7.5 HIGH
Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c.
EPSS 34.87% · 97.1th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
34.87%
97.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| musicbrainz | libmusicbrainz | 0 |
| n/a | n/a | n/a |
| musicbrainz | libmusicbrainz_svn | 0 |
Timeline
- Aug 17, 2006 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
References
- DSA-1162 vendor-advisory
- 22393 third-party-advisory
- 22191 third-party-advisory
- libmusicbrainz-mbhttpdownload-bo(28367) vdb
- 22639 third-party-advisory
- 21404 third-party-advisory
- https://issues.rpath.com/browse/RPL-610 url
- USN-363-1 vendor-advisory
- 19508 vdb
- GLSA-200610-09 vendor-advisory
- 22517 third-party-advisory
- SUSE-SR:2006:025 vendor-advisory
- http://aluigi.altervista.org/adv/brainzbof-adv.txt url
- 21699 third-party-advisory
- 20060830 rPSA-2006-0161-1 libmusicbrainz mailing-list
- libmusicbrainz-rdfparse-bo(28368) vdb
- 21668 third-party-advisory
- 20060813 Multiple buffer-overflows in libmusicbrainz 2.1.2 mailing-list
- 1016691 vdb
- MDKSA-2006:157 vendor-advisory
…and 2 more