CVE-2006-4197 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2006-4197 Interim 1 17 2025-03-25T02:06:53Z current 2021-05-30T12:36:33Z 2025-03-25T02:06:53Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2006-4197 Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DAOL25CCBHMDPDFSND6PGBSBU4KHSL5Q/#DAOL25CCBHMDPDFSND6PGBSBU4KHSL5Q E-Mail link for SUSE-SR:2006:025 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Software Development Kit 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Software Development Kit 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP2 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 libmusicbrainz-devel-2.1.5-27.86 libmusicbrainz-devel-2.1.5-5.18 libmusicbrainz4-2.1.5-27.79 libmusicbrainz4-2.1.5-27.86 libmusicbrainz4-2.1.5-5.18 libmusicbrainz4-2.1.5-27.86 as a component of SUSE Linux Enterprise Desktop 12 libmusicbrainz4-2.1.5-27.86 as a component of SUSE Linux Enterprise Desktop 12 SP1 libmusicbrainz4-2.1.5-27.86 as a component of SUSE Linux Enterprise Desktop 12 SP2 libmusicbrainz4-2.1.5-27.86 as a component of SUSE Linux Enterprise Desktop 12 SP3 libmusicbrainz4-2.1.5-27.86 as a component of SUSE Linux Enterprise Desktop 12 SP4 libmusicbrainz4-2.1.5-27.86 as a component of SUSE Linux Enterprise High Performance Computing 12 SP5 libmusicbrainz4-2.1.5-5.18 as a component of SUSE Linux Enterprise Server 11 SP1 libmusicbrainz4-2.1.5-5.18 as a component of SUSE Linux Enterprise Server 11 SP2 libmusicbrainz4-2.1.5-5.18 as a component of SUSE Linux Enterprise Server 11 SP3 libmusicbrainz4-2.1.5-5.18 as a component of SUSE Linux Enterprise Server 11 SP4 libmusicbrainz4-2.1.5-27.86 as a component of SUSE Linux Enterprise Server 12 libmusicbrainz4-2.1.5-27.86 as a component of SUSE Linux Enterprise Server 12 SP1 libmusicbrainz4-2.1.5-27.86 as a component of SUSE Linux Enterprise Server 12 SP2 libmusicbrainz4-2.1.5-27.86 as a component of SUSE Linux Enterprise Server 12 SP3 libmusicbrainz4-2.1.5-27.86 as a component of SUSE Linux Enterprise Server 12 SP4 libmusicbrainz4-2.1.5-27.86 as a component of SUSE Linux Enterprise Server 12 SP5 libmusicbrainz4-2.1.5-27.79 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 libmusicbrainz4-2.1.5-27.86 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libmusicbrainz-devel-2.1.5-5.18 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libmusicbrainz-devel-2.1.5-27.86 as a component of SUSE Linux Enterprise Software Development Kit 12 libmusicbrainz-devel-2.1.5-27.86 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 libmusicbrainz-devel-2.1.5-27.86 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2 libmusicbrainz-devel-2.1.5-27.86 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3 libmusicbrainz-devel-2.1.5-27.86 as a component of SUSE Linux Enterprise Software Development Kit 12 SP4 libmusicbrainz-devel-2.1.5-27.86 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c. CVE-2006-4197 SUSE Linux Enterprise Desktop 12:libmusicbrainz4-2.1.5-27.86 SUSE Linux Enterprise Desktop 12 SP1:libmusicbrainz4-2.1.5-27.86 SUSE Linux Enterprise Desktop 12 SP2:libmusicbrainz4-2.1.5-27.86 SUSE Linux Enterprise Desktop 12 SP3:libmusicbrainz4-2.1.5-27.86 SUSE Linux Enterprise Desktop 12 SP4:libmusicbrainz4-2.1.5-27.86 SUSE Linux Enterprise High Performance Computing 12 SP5:libmusicbrainz4-2.1.5-27.86 SUSE Linux Enterprise Server 11 SP1:libmusicbrainz4-2.1.5-5.18 SUSE Linux Enterprise Server 11 SP2:libmusicbrainz4-2.1.5-5.18 SUSE Linux Enterprise Server 11 SP3:libmusicbrainz4-2.1.5-5.18 SUSE Linux Enterprise Server 11 SP4:libmusicbrainz4-2.1.5-5.18 SUSE Linux Enterprise Server 12:libmusicbrainz4-2.1.5-27.86 SUSE Linux Enterprise Server 12 SP1:libmusicbrainz4-2.1.5-27.86 SUSE Linux Enterprise Server 12 SP2:libmusicbrainz4-2.1.5-27.86 SUSE Linux Enterprise Server 12 SP3:libmusicbrainz4-2.1.5-27.86 SUSE Linux Enterprise Server 12 SP4:libmusicbrainz4-2.1.5-27.86 SUSE Linux Enterprise Server 12 SP5:libmusicbrainz4-2.1.5-27.86 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libmusicbrainz4-2.1.5-27.79 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libmusicbrainz4-2.1.5-27.86 SUSE Linux Enterprise Software Development Kit 11 SP4:libmusicbrainz-devel-2.1.5-5.18 SUSE Linux Enterprise Software Development Kit 12:libmusicbrainz-devel-2.1.5-27.86 SUSE Linux Enterprise Software Development Kit 12 SP1:libmusicbrainz-devel-2.1.5-27.86 SUSE Linux Enterprise Software Development Kit 12 SP2:libmusicbrainz-devel-2.1.5-27.86 SUSE Linux Enterprise Software Development Kit 12 SP3:libmusicbrainz-devel-2.1.5-27.86 SUSE Linux Enterprise Software Development Kit 12 SP4:libmusicbrainz-devel-2.1.5-27.86 SUSE Linux Enterprise Software Development Kit 12 SP5:libmusicbrainz-devel-2.1.5-27.86 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P