VDB
CVE-2020-13152
CVE-2020-13152
PUBLISHED
A remote user can create a specially crafted M3U file, media playlist file that when loaded by the target user, will trigger a memory leak, whereby Amarok 2.8.0 continue to waste resources over time, eventually allows attackers to cause a denial of service.
EPSS 2.52% · 85.7th percentile
Risk Scores
EPSS Score
2.52%
85.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | amarok | *, 2:2.9.0-0ubuntu2, 2:2.9.0-0ubuntu1 |
| Ubuntu:16.04:LTS | amarok | 0, 2:2.8.0-0ubuntu6, 2:2.8.0-0ubuntu7 |
| Ubuntu:25.10 | amarok | 2:3.2.2-1ubuntu2, 2:3.2.2-1ubuntu1, 0 |
Exploit Intelligence
- http://packetstormsecurity.com/files/159898/Amarok-2.8.0-Denial-Of-Service.html (nist-nvd)
- https://r00texpl0it.wordpress.com/2020/05/20/kde-amarok-2-8-0-allows-remote-attackers-to-cause-a-denial-of-service/ (nist-nvd)
- Amarok 2.8.0 - Denial of Service Exploit (0day-today)
- Amarok 2.8.0 - Denial of Service Exploit (0day-today)
Timeline
- May 20, 2020 CVE Published
- Nov 5, 2020 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-13152 third-party-advisory
- https://r00texpl0it.wordpress.com/2020/05/20/kde-amarok-2-8-0-allows-remote-attackers-to-cause-a-denial-of-service/ third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-13152 third-party-advisory