Key Information

Vulnerability Description
- Vulnerability Type: Multiple buffer-overflow
- Affected Application: libmusicbrainz
- Versions: <= 2.1.2 and <= SVN 8406
- Platforms: Windows, *nix, BSD, Mac and others

Vulnerability Details
- CVE ID: CVE-2006-4197
- Risk Level: Medium
- CVSS Score:
  - Base Score: 7.5/10
  - Impact Subscore: 6.4/10
  - Exploitability Subscore: 10/10
  - Exploit range: Remote
  - Attack complexity: Low
  - Authentication: Not required
  - Confidentiality impact: Partial
  - Integrity impact: Partial
  - Availability impact: Partial

Exploitation
- Remote Exploitation: Yes
- Local Exploitation: Yes
- Public Disclosure: 2006.08.18

Vulnerability Details
- Bug 1: Buffer overflow in function
  - Can be exploited via malicious URL hostnames in large redirect HTTP responses
- Bug 2: Multiple buffer overflows in when processing URLs received in RDF data (e.g., large fields)

Fix
- Fix: New version to be released soon

Related Links
- Original vulnerability description
- Usage examples
  - A]
  - B]

Other
- Author: Luigi Auriemma
- Author Email: aluigi (at) autistici (dot) org
- Author Website: aluigi.org