QwikSec

Security Database

CVE

CWE

Training

CVE-2006-4197

Published: Aug 17, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_DEBIAN

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

libmusicbrainz-mbhttpdownload-bo(28367)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

https://issues.rpath.com/browse/RPL-610

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_GENTOO

third-party-advisory

x_refsource_SECUNIA

SUSE-SR:2006:025

vendor-advisory

x_refsource_SUSE

http://aluigi.altervista.org/adv/brainzbof-adv.txt

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

20060830 rPSA-2006-0161-1 libmusicbrainz

mailing-list

x_refsource_BUGTRAQ

libmusicbrainz-rdfparse-bo(28368)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

20060813 Multiple buffer-overflows in libmusicbrainz 2.1.2

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_SECTRACK

vendor-advisory

x_refsource_MANDRIVA

third-party-advisory

x_refsource_SREASON

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.