GNOME Rhythmbox Malformed Playlist File Denial Of Service Vulnerability
BID:29958
Info
GNOME Rhythmbox Malformed Playlist File Denial Of Service Vulnerability
| Bugtraq ID: | 29958 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2008-7185 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 26 2008 12:00AM |
| Updated: | May 07 2015 05:28PM |
| Credit: | Juan Pablo Lopez Yacubian |
| Vulnerable: |
GNOME Rhythmbox 0.11.5 |
| Not Vulnerable: | |
Discussion
GNOME Rhythmbox Malformed Playlist File Denial Of Service Vulnerability
GNOME Rhythmbox is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted input.
Exploiting this issue allows remote attackers to crash the application and trigger denial-of-service conditions, denying further service to legitimate users. Given the nature of this issue, code execution may be possible, but this has not been confirmed.
GNOME Rhythmbox 0.11.5 is vulnerable; other versions may also be affected.
GNOME Rhythmbox is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted input.
Exploiting this issue allows remote attackers to crash the application and trigger denial-of-service conditions, denying further service to legitimate users. Given the nature of this issue, code execution may be possible, but this has not been confirmed.
GNOME Rhythmbox 0.11.5 is vulnerable; other versions may also be affected.
Exploit / POC
GNOME Rhythmbox Malformed Playlist File Denial Of Service Vulnerability
The following proof-of-concept playlist content is available:
[playlist]
X-GNOME-Title=
Title= A * 1475
NumberOfEntries=0
The following proof-of-concept playlist content is available:
[playlist]
X-GNOME-Title=
Title= A * 1475
NumberOfEntries=0
Solution / Fix
GNOME Rhythmbox Malformed Playlist File Denial Of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
GNOME Rhythmbox Malformed Playlist File Denial Of Service Vulnerability
References:
References: