Yet Another MP3 Tool id3tag_sort function buffer overflow

yamt-id3tagsort-bo (18614) The risk level is classified as HighHigh Risk

Description:

Yet Another MP3 Tool (YAMT) is vulnerable to a buffer overflow, caused by improper bounds checking in the id3tag_sort function of the id3tag.c file. By creating a specially-crafted MP3 file, a remote attacker could overflow a buffer and execute arbitrary code on the system with user privileges, once the file is processed by YAMT.

Platforms Affected:

  • Yet Another MP3 Tool (YAMT), Yet Another MP3 Tool (YAMT) 0.5 and prior

Remedy:

No remedy available as of July 4, 2009.

Consequences:

Gain Access

References:

  • University of Illinois Chicago Web site, YAMT 0.5 id3tag_sort does not check for nasty characters at http://tigger.uic.edu/~jlongs2/holes/yamt.txt.
  • YAMT - Yet Another MP3 Tool Web site, YAMT - Yet Another MP3 Tool at http://yamt.sourceforge.net/.
  • BID-11999: YAMT ID3 Tag Sort Command Execution Vulnerability
  • BID-12: VMS ANALYZE/PROCESS_DUMP Vulnerability
  • CVE-2004-1302: The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote attackers to execute arbitrary commands via an MP3 file with double quotes in the Artist tag.
  • CVE-2005-1847: Multiple buffer overflows in YaMT before 0.5_2 allow attackers to execute arbitrary code via the (1) rename or (2) sort options.
  • SA13554: YAMT "id3tag_sort()" Function Vulnerability
  • SECTRACK ID: 1012583: Yet Another MP3 Tool (YAMT) Input Validation Hole in id3tag_sort() Lets Remote Users Execute Arbitrary Commands

Reported:

Dec 16, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page