field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0', which triggers an infinite loop.
Exploitability
AV:NAC:LAu:NImpact
C:NI:NA:P5/AV:N/AC:L/Au:N/C:N/I:N/A:P