field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service via an ID3_FIELD_TYPE_STRINGLIST field that ends in "\0", which triggers an infinite loop. The updated packages have been patched to correct this.