
CVE-2024-36600 – Ubuntu Security Notice USN-6855-1
https://notcve.org/view.php?id=CVE-2024-36600
14 Jun 2024 — Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file. Mansour Gashasbi discovered that libcdio incorrectly handled certain memory operations when parsing an ISO file, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service or po... • https://github.com/gashasbi/My-Reports/tree/main/CVE-2024-36600 • CWE-121: Stack-based Buffer Overflow •

CVE-2017-18201 – libcdio: Double free in get_cdtext_generic() in lib/driver/_cdio_generic.c
https://notcve.org/view.php?id=CVE-2017-18201
26 Feb 2018 — An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c. A double-free flaw was found in the way libcdio handled processing of ISO files. • http://www.securityfocus.com/bid/103190 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-415: Double Free •

CVE-2017-18198 – libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c
https://notcve.org/view.php?id=CVE-2017-18198
24 Feb 2018 — print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file. • http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz • CWE-125: Out-of-bounds Read •

CVE-2017-18199 – libcdio: NULL pointer dereference in realloc_symlink in rock.c
https://notcve.org/view.php?id=CVE-2017-18199
24 Feb 2018 — realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file. A NULL pointer dereference flaw was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to ... • http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-476: NULL Pointer Dereference •

CVE-2007-6613 – libcdio 0.7x - GNU Compact Disc Input and Control Library Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-6613
03 Jan 2008 — Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info.c) in GNU Compact Disc Input and Control Library (libcdio) 0.79 and earlier allows context-dependent attackers to cause a denial of service (core dump) and possibly execute arbitrary code via a disk or image that contains a long Joliet file name. • https://www.exploit-db.com/exploits/30985 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •