Vulnerabilities related to gnu - libcdio
Vulnerability from fkie_nvd
Published
2008-01-03 22:46
Modified
2024-11-21 00:40
Summary
Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info.c) in GNU Compact Disc Input and Control Library (libcdio) 0.79 and earlier allows context-dependent attackers to cause a denial of service (core dump) and possibly execute arbitrary code via a disk or image that contains a long joilet file name.
References
Source | URL | Tags
---|---|---
cve@mitre.org | http://bugs.gentoo.org/show_bug.cgi?id=203777 | Exploit, Patch
cve@mitre.org | http://lists.gnu.org/archive/html/libcdio-devel/2007-12/msg00009.html |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html |
cve@mitre.org | http://secunia.com/advisories/28308 |
cve@mitre.org | http://secunia.com/advisories/28569 |
cve@mitre.org | http://secunia.com/advisories/28796 |
cve@mitre.org | http://secunia.com/advisories/28970 |
cve@mitre.org | http://secunia.com/advisories/29242 |
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200801-08.xml |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2008:037 |
cve@mitre.org | http://www.securityfocus.com/bid/27131 |
cve@mitre.org | http://www.ubuntu.com/usn/usn-580-1 |
cve@mitre.org | http://www.vupen.com/english/advisories/2008/0030 |
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=427197 | Exploit
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/39405 |
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=203777 | Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108 | http://lists.gnu.org/archive/html/libcdio-devel/2007-12/msg00009.html |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28308 |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28569 |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28796 |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28970 |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29242 |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200801-08.xml |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:037 |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/27131 |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-580-1 |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0030 |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=427197 | Exploit
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/39405 |
Details
CVE ID: CVE-2007-6613
Affected: cpe:2.3:a:gnu:libcdio, versions up to and including 0.79
CVSS v2: 5 MEDIUM (AV:N/AC:L/Au:N/C:N/I:N/A:P), source nvd@nist.gov
Weakness: CWE-119
Status: Modified
Vulnerability from fkie_nvd
Published
2018-02-24 06:29
Modified
2024-11-21 03:19
Summary
realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.
References
Source | URL | Tags
---|---|---
cve@mitre.org | http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz | Vendor Advisory
cve@mitre.org | http://www.securityfocus.com/bid/103202 | Third Party Advisory, VDB Entry
cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:3246 |
cve@mitre.org | https://savannah.gnu.org/bugs/?52264 | Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103202 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3246 |
af854a3a-2127-422b-91ae-364da2661108 | https://savannah.gnu.org/bugs/?52264 | Exploit, Third Party Advisory
Details
CVE ID: CVE-2017-18199
Affected: cpe:2.3:a:gnu:libcdio, versions before 1.0.0
CVSS v2: 4.3 MEDIUM (AV:N/AC:M/Au:N/C:N/I:N/A:P), source nvd@nist.gov
CVSS v3.0: 6.5 MEDIUM (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H), source nvd@nist.gov
Weakness: CWE-476
Status: Modified
Vulnerability from fkie_nvd
Published
2018-02-26 14:29
Modified
2024-11-21 03:19
Summary
An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c.
References
Source | URL | Tags
---|---|---
cve@mitre.org | http://www.securityfocus.com/bid/103190 | Third Party Advisory, VDB Entry
cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:3246 |
cve@mitre.org | https://git.savannah.gnu.org/cgit/libcdio.git/commit/?id=f6f9c48fb40b8a1e8218799724b0b61a7161eb1d | Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103190 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3246 |
af854a3a-2127-422b-91ae-364da2661108 | https://git.savannah.gnu.org/cgit/libcdio.git/commit/?id=f6f9c48fb40b8a1e8218799724b0b61a7161eb1d | Patch, Third Party Advisory
Details
CVE ID: CVE-2017-18201
Affected: cpe:2.3:a:gnu:libcdio, versions before 2.0.0
CVSS v2: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P), source nvd@nist.gov
CVSS v3.0: 9.8 CRITICAL (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), source nvd@nist.gov
Weakness: CWE-415
Status: Modified
Vulnerability from fkie_nvd
Published
2018-02-24 06:29
Modified
2024-11-21 03:19
Summary
print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.
References
Source | URL | Tags
---|---|---
cve@mitre.org | http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz | Vendor Advisory
cve@mitre.org | http://www.securityfocus.com/bid/103200 | Third Party Advisory, VDB Entry
cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:3246 |
cve@mitre.org | https://savannah.gnu.org/bugs/?52265 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103200 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3246 |
af854a3a-2127-422b-91ae-364da2661108 | https://savannah.gnu.org/bugs/?52265 | Vendor Advisory
Details
CVE ID: CVE-2017-18198
Affected: cpe:2.3:a:gnu:libcdio, versions before 1.0.0
CVSS v2: 6.8 MEDIUM (AV:N/AC:M/Au:N/C:P/I:P/A:P), source nvd@nist.gov
CVSS v3.0: 8.8 HIGH (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), source nvd@nist.gov
Weakness: CWE-125
Status: Modified
cve-2017-18198
Vulnerability from cvelistv5
Published
2018-02-24 06:00
Modified
2024-08-05 21:13
Summary
print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.
References
URL | Tags
---|---
https://savannah.gnu.org/bugs/?52265 | x_refsource_CONFIRM
http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz | x_refsource_CONFIRM
http://www.securityfocus.com/bid/103200 | vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2018:3246 | vendor-advisory, x_refsource_REDHAT
Details
CVE ID: CVE-2017-18198
Assigner: mitre
Date public: 2018-02-23
Date reserved: 2018-02-23
State: PUBLISHED
cve-2017-18199
Vulnerability from cvelistv5
Published
2018-02-24 06:00
Modified
2024-08-05 21:13
Summary
realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.
References
URL | Tags
---|---
https://savannah.gnu.org/bugs/?52264 | x_refsource_CONFIRM
http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz | x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3246 | vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/103202 | vdb-entry, x_refsource_BID
Details
CVE ID: CVE-2017-18199
Assigner: mitre
Date public: 2018-02-23
Date reserved: 2018-02-23
State: PUBLISHED
cve-2017-18201
Vulnerability from cvelistv5
Published
2018-02-26 14:00
Modified
2024-08-05 21:13
Summary
An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c.
References
URL | Tags
---|---
http://www.securityfocus.com/bid/103190 | vdb-entry, x_refsource_BID
https://git.savannah.gnu.org/cgit/libcdio.git/commit/?id=f6f9c48fb40b8a1e8218799724b0b61a7161eb1d | x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3246 | vendor-advisory, x_refsource_REDHAT
Details
CVE ID: CVE-2017-18201
Assigner: mitre
Date public: 2018-02-26
Date reserved: 2018-02-26
State: PUBLISHED
cve-2007-6613
Vulnerability from cvelistv5
Published
2008-01-03 22:00
Modified
2024-08-07 16:11
Summary
Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info.c) in GNU Compact Disc Input and Control Library (libcdio) 0.79 and earlier allows context-dependent attackers to cause a denial of service (core dump) and possibly execute arbitrary code via a disk or image that contains a long joilet file name.
References
URL | Tags
---|---
http://www.ubuntu.com/usn/usn-580-1 | vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/29242 | third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=427197 | x_refsource_CONFIRM
http://bugs.gentoo.org/show_bug.cgi?id=203777 | x_refsource_CONFIRM
http://secunia.com/advisories/28308 | third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html | vendor-advisory, x_refsource_SUSE
http://www.vupen.com/english/advisories/2008/0030 | vdb-entry, x_refsource_VUPEN
http://lists.gnu.org/archive/html/libcdio-devel/2007-12/msg00009.html | mailing-list, x_refsource_MLIST
http://security.gentoo.org/glsa/glsa-200801-08.xml | vendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/bid/27131 | vdb-entry, x_refsource_BID
http://www.mandriva.com/security/advisories?name=MDVSA-2008:037 | vendor-advisory, x_refsource_MANDRIVA
https://exchange.xforce.ibmcloud.com/vulnerabilities/39405 | vdb-entry, x_refsource_XF
http://secunia.com/advisories/28970 | third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/28796 | third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/28569 | third-party-advisory, x_refsource_SECUNIA
Details
CVE ID: CVE-2007-6613
Assigner: mitre
Date public: 2007-12-31
of service (core dump) and possibly execute arbitrary code via a disk or image that contains a long joilet file name.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "USN-580-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/usn-580-1", }, { name: "29242", refsource: "SECUNIA", url: "http://secunia.com/advisories/29242", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=427197", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427197", }, { name: "http://bugs.gentoo.org/show_bug.cgi?id=203777", refsource: "CONFIRM", url: "http://bugs.gentoo.org/show_bug.cgi?id=203777", }, { name: "28308", refsource: "SECUNIA", url: "http://secunia.com/advisories/28308", }, { name: "SUSE-SR:2008:005", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html", }, { name: "ADV-2008-0030", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/0030", }, { name: "[libcdio-devel] 20071231 buffer overrun in cd-info and iso-info and a release?", refsource: "MLIST", url: "http://lists.gnu.org/archive/html/libcdio-devel/2007-12/msg00009.html", }, { name: "GLSA-200801-08", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200801-08.xml", }, { name: "27131", refsource: "BID", url: "http://www.securityfocus.com/bid/27131", }, { name: "MDVSA-2008:037", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:037", }, { name: "libcdio-printiso9660recurse-bo(39405)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39405", }, { name: "28970", refsource: "SECUNIA", url: "http://secunia.com/advisories/28970", }, { name: "28796", refsource: "SECUNIA", url: "http://secunia.com/advisories/28796", }, { name: "28569", refsource: "SECUNIA", url: "http://secunia.com/advisories/28569", }, ], }, }, }, }, cveMetadata: { assignerOrgId: 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-6613", datePublished: "2008-01-03T22:00:00", dateReserved: "2008-01-03T00:00:00", dateUpdated: "2024-08-07T16:11:06.238Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }