CVE-2008-7185

GNOME Rhythmbox 0.11.5 - Denial of Service via Long Title Field in Playlist File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-7185. PoCs published by Juan Pablo Lopez Yacubian.

AI-analyzed exploit summary This exploit leverages a denial-of-service vulnerability in GNOME Rhythmbox by providing a malformed playlist file with an excessively long title field, causing the application to crash. The PoC demonstrates the issue but does not confirm code execution.

Description

GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of service (segmentation fault and crash) via a playlist (.pls) file with a long Title field, possibly related to the g_hash_table_lookup function in b-playlist-manager.c.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Juan Pablo Lopez Yacubian · textdoslinux

https://www.exploit-db.com/exploits/31968

View Code ZIP pw:eip

This exploit leverages a denial-of-service vulnerability in GNOME Rhythmbox by providing a malformed playlist file with an excessively long title field, causing the application to crash. The PoC demonstrates the issue but does not confirm code execution.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: GNOME Rhythmbox 0.11.5

No auth needed

Prerequisites: Ability to deliver a malformed playlist file to the target

MITRE ATT&CK