A remote user can create a specially crafted M3U file, media playlist file that when loaded by the target user, will trigger a memory leak, whereby Amarok 2.8.0 continue to waste resources over time, eventually allows attackers to cause a denial of service.
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Amarok | Kde | 2.8.0 (including) | 2.8.0 (including) |
| Amarok | Ubuntu | bionic | * |
| Amarok | Ubuntu | esm-apps/xenial | * |
| Amarok | Ubuntu | oracular | * |
| Amarok | Ubuntu | plucky | * |
| Amarok | Ubuntu | questing | * |
| Amarok | Ubuntu | trusty | * |
| Amarok | Ubuntu | xenial | * |