CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18201 – libcdio: Double free in get_cdtext_generic() in lib/driver/_cdio_generic.c
https://notcve.org/view.php?id=CVE-2017-18201
An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c. Se ha descubierto un problema en versiones anteriores a la 2.0.0 de GNU libcdio. Hay una doble liberación (double free) en get_cdtext_generic() en lib/driver/_cdio_generic.c. A double-free flaw was found in the way libcdio handled processing of ISO files. • http://www.securityfocus.com/bid/103190 https://access.redhat.com/errata/RHSA-2018:3246 https://git.savannah.gnu.org/cgit/libcdio.git/commit/?id=f6f9c48fb40b8a1e8218799724b0b61a7161eb1d https://access.redhat.com/security/cve/CVE-2017-18201 https://bugzilla.redhat.com/show_bug.cgi?id=1549707 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-415: Double Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18198 – libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c
https://notcve.org/view.php?id=CVE-2017-18198
print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file. print_iso9660_recurse en iso-info.c en GNU libcdio, en versiones anteriores a la 1.0.0, permite que atacantes remotos provoquen una denegación de servicio (sobrelectura de búfer basada en memoria dinámica o heap) o, probablemente, provocar cualquier otro tipo de problema mediante un archivo iso modificado. A heap corruption bug was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files, thus resulting in local DoS. • http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz http://www.securityfocus.com/bid/103200 https://access.redhat.com/errata/RHSA-2018:3246 https://savannah.gnu.org/bugs/?52265 https://access.redhat.com/security/cve/CVE-2017-18198 https://bugzilla.redhat.com/show_bug.cgi?id=1549644 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-18199 – libcdio: NULL pointer dereference in realloc_symlink in rock.c
https://notcve.org/view.php?id=CVE-2017-18199
realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file. realloc_symlink en rock.c en GNU libcdio, en versiones anteriores a la 1.0.0, permite que atacantes remotos provoquen una denegación de servicio (desreferencia de puntero NULL) mediante un archivo iso manipulado. A NULL pointer dereference flaw was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files. • http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz http://www.securityfocus.com/bid/103202 https://access.redhat.com/errata/RHSA-2018:3246 https://savannah.gnu.org/bugs/?52264 https://access.redhat.com/security/cve/CVE-2017-18199 https://bugzilla.redhat.com/show_bug.cgi?id=1549701 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-476: NULL Pointer Dereference •
CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 3CVE-2007-6613 – libcdio 0.7x - GNU Compact Disc Input and Control Library Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-6613
Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info.c) in GNU Compact Disc Input and Control Library (libcdio) 0.79 and earlier allows context-dependent attackers to cause a denial of service (core dump) and possibly execute arbitrary code via a disk or image that contains a long joilet file name. Desbordamiento de búfer basado en pila en la función print_iso9660_recurse de iso-info (src/iso-info.c) en GNU Compact Disc Input and Control Library (libcdio) 0.79 y anteriores permite a atacantes locales o remotos (dependiendo del contexto) provocar una denegación de servicio (core dump) y posiblemente ejecutar código de su elección mediante un disco o imagen que contiene un nombre de archivo joilet largo. • https://www.exploit-db.com/exploits/30985 http://bugs.gentoo.org/show_bug.cgi?id=203777 http://lists.gnu.org/archive/html/libcdio-devel/2007-12/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://secunia.com/advisories/28308 http://secunia.com/advisories/28569 http://secunia.com/advisories/28796 http://secunia.com/advisories/28970 http://secunia.com/advisories/29242 http://security.gentoo.org/glsa/glsa-200801-08.xml http:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •