ID CVE-2017-18198
Summary print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.
References
Vulnerable Configurations
  • GNU libcdio
    cpe:2.3:a:gnu:libcdio
  • GNU libcdio 0.79
    cpe:2.3:a:gnu:libcdio:0.79
CVSS
Base: 6.8
Impact:
Exploitability:
CWE CWE-125
CAPEC
  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-30A8492364.NASL
    description Added patch to fix: CVE-2017-18198 (#1549644) Added patch to fix: CVE-2017-18199 (#1549701) Added patches to fix: CVE-2017-18201 (#1549707) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-03-19
    plugin id 107162
    published 2018-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107162
    title Fedora 27 : libcdio (2018-30a8492364)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-3246.NASL
    description An update for libcdio is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libcdio library provides an interface for CD-ROM access. It can be used by applications that need OS-independent and device-independent access to CD-ROM devices. Security Fix(es) : * libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c (CVE-2017-18198) * libcdio: NULL pointer dereference in realloc_symlink in rock.c (CVE-2017-18199) * libcdio: Double free in get_cdtext_generic() in lib/driver/_cdio_generic.c (CVE-2017-18201) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 119000
    published 2018-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119000
    title CentOS 7 : libcdio (CESA-2018:3246)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20181030_LIBCDIO_ON_SL7_X.NASL
    description Security Fix(es) : - libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c (CVE-2017-18198) - libcdio: NULL pointer dereference in realloc_symlink in rock.c (CVE-2017-18199) - libcdio: Double free in get_cdtext_generic() in lib/driver/_cdio_generic.c (CVE-2017-18201)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 119189
    published 2018-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119189
    title Scientific Linux Security Update : libcdio on SL7.x x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-199E6065EE.NASL
    description Added patch to fix: CVE-2017-18198 (#1549644) Added patch to fix: CVE-2017-18199 (#1549701) Added patches to fix: CVE-2017-18201 (#1549707) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-03-21
    plugin id 108494
    published 2018-03-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108494
    title Fedora 26 : libcdio (2018-199e6065ee)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1390.NASL
    description According to the versions of the libcdio package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c (CVE-2017-18198) - libcdio: NULL pointer dereference in realloc_symlink in rock.c (CVE-2017-18199) - libcdio: Double free in get_cdtext_generic() in lib/driver/_cdio_generic.c (CVE-2017-18201) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-10
    plugin id 119518
    published 2018-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119518
    title EulerOS 2.0 SP3 : libcdio (EulerOS-SA-2018-1390)
  • NASL family Amazon Linux Local Security Checks
    NASL id AL2_ALAS-2019-1151.NASL
    description A heap corruption bug was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files, thus resulting in local DoS.(CVE-2017-18198) A double-free flaw was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files.(CVE-2017-18201) A NULL pointer dereference flaw was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files.(CVE-2017-18199)
    last seen 2019-02-21
    modified 2019-01-25
    plugin id 121364
    published 2019-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121364
    title Amazon Linux 2 : libcdio (ALAS-2019-1151)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-3246.NASL
    description From Red Hat Security Advisory 2018:3246 : An update for libcdio is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libcdio library provides an interface for CD-ROM access. It can be used by applications that need OS-independent and device-independent access to CD-ROM devices. Security Fix(es) : * libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c (CVE-2017-18198) * libcdio: NULL pointer dereference in realloc_symlink in rock.c (CVE-2017-18199) * libcdio: Double free in get_cdtext_generic() in lib/driver/_cdio_generic.c (CVE-2017-18201) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-07
    plugin id 118780
    published 2018-11-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118780
    title Oracle Linux 7 : libcdio (ELSA-2018-3246)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1418.NASL
    description According to the versions of the libcdio package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c (CVE-2017-18198) - libcdio: NULL pointer dereference in realloc_symlink in rock.c (CVE-2017-18199) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 119907
    published 2018-12-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119907
    title EulerOS 2.0 SP2 : libcdio (EulerOS-SA-2018-1418)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-3246.NASL
    description An update for libcdio is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The libcdio library provides an interface for CD-ROM access. It can be used by applications that need OS-independent and device-independent access to CD-ROM devices. Security Fix(es) : * libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c (CVE-2017-18198) * libcdio: NULL pointer dereference in realloc_symlink in rock.c (CVE-2017-18199) * libcdio: Double free in get_cdtext_generic() in lib/driver/_cdio_generic.c (CVE-2017-18201) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 118537
    published 2018-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118537
    title RHEL 7 : libcdio (RHSA-2018:3246)
redhat via4
advisories
rhsa
id RHSA-2018:3246
rpms
  • libcdio-0:0.92-3.el7
  • libcdio-devel-0:0.92-3.el7
refmap via4
bid 103200
confirm
Last major update 24-02-2018 - 01:29
Published 24-02-2018 - 01:29
Last modified 31-10-2018 - 06:29
Back to Top