CVE-2020-13152

NameCVE-2020-13152
DescriptionA remote user can create a specially crafted M3U file, media playlist file that when loaded by the target user, will trigger a memory leak, whereby Amarok 2.8.0 continue to waste resources over time, eventually allows attackers to cause a denial of service.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
amarok (PTS)jessie2.8.0-2.1vulnerable
stretch2.8.0-8vulnerable
sid, trixie3.1.1-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
amaroksource(unstable)(unfixed)unimportant

Notes

Elevated resource usage in client application, no security impact

Search for package or bug name: Reporting problems