Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for libcdio by gnu
CVE-2024-36600 (GCVE-0-2024-36600)
Vulnerability from nvd – Published: 2024-06-14 00:00 – Updated: 2026-01-20 20:04
VLAI
EPSS
VEX
Summary
Buffer Overflow Vulnerability in libcdio 2.2.0 (fixed in 2.3.0) allows an attacker to execute arbitrary code via a crafted ISO 9660 image file.
Severity
8.4 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gnu:libcdio:2.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "libcdio",
"vendor": "gnu",
"versions": [
{
"status": "affected",
"version": "2.1.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36600",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-14T19:58:14.360916Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T20:01:57.509Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:05.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/gashasbi/My-Reports/tree/main/CVE-2024-36600"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow Vulnerability in libcdio 2.2.0 (fixed in 2.3.0) allows an attacker to execute arbitrary code via a crafted ISO 9660 image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T20:04:11.488Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/gashasbi/My-Reports/tree/main/CVE-2024-36600"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292833"
},
{
"url": "https://github.com/libcdio/libcdio/pull/32"
},
{
"url": "https://github.com/libcdio/libcdio/pull/46"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-36600",
"datePublished": "2024-06-14T00:00:00.000Z",
"dateReserved": "2024-05-30T00:00:00.000Z",
"dateUpdated": "2026-01-20T20:04:11.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-18201 (GCVE-0-2017-18201)
Vulnerability from nvd – Published: 2018-02-26 14:00 – Updated: 2024-08-05 21:13
VLAI
EPSS
VEX
Summary
An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/103190 | vdb-entryx_refsource_BID |
| https://git.savannah.gnu.org/cgit/libcdio.git/com… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2018:3246 | vendor-advisoryx_refsource_REDHAT |
Date Public
2018-02-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:13:49.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103190",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103190"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.savannah.gnu.org/cgit/libcdio.git/commit/?id=f6f9c48fb40b8a1e8218799724b0b61a7161eb1d"
},
{
"name": "RHSA-2018:3246",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3246"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-31T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "103190",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103190"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.savannah.gnu.org/cgit/libcdio.git/commit/?id=f6f9c48fb40b8a1e8218799724b0b61a7161eb1d"
},
{
"name": "RHSA-2018:3246",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3246"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103190",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103190"
},
{
"name": "https://git.savannah.gnu.org/cgit/libcdio.git/commit/?id=f6f9c48fb40b8a1e8218799724b0b61a7161eb1d",
"refsource": "CONFIRM",
"url": "https://git.savannah.gnu.org/cgit/libcdio.git/commit/?id=f6f9c48fb40b8a1e8218799724b0b61a7161eb1d"
},
{
"name": "RHSA-2018:3246",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3246"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18201",
"datePublished": "2018-02-26T14:00:00.000Z",
"dateReserved": "2018-02-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T21:13:49.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-18199 (GCVE-0-2017-18199)
Vulnerability from nvd – Published: 2018-02-24 06:00 – Updated: 2024-08-05 21:13
VLAI
EPSS
VEX
Summary
realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://savannah.gnu.org/bugs/?52264 | x_refsource_CONFIRM |
| http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2018:3246 | vendor-advisoryx_refsource_REDHAT |
| http://www.securityfocus.com/bid/103202 | vdb-entryx_refsource_BID |
Date Public
2018-02-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:13:49.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://savannah.gnu.org/bugs/?52264"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz"
},
{
"name": "RHSA-2018:3246",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3246"
},
{
"name": "103202",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103202"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-31T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://savannah.gnu.org/bugs/?52264"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz"
},
{
"name": "RHSA-2018:3246",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3246"
},
{
"name": "103202",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103202"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://savannah.gnu.org/bugs/?52264",
"refsource": "CONFIRM",
"url": "https://savannah.gnu.org/bugs/?52264"
},
{
"name": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz",
"refsource": "CONFIRM",
"url": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz"
},
{
"name": "RHSA-2018:3246",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3246"
},
{
"name": "103202",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103202"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18199",
"datePublished": "2018-02-24T06:00:00.000Z",
"dateReserved": "2018-02-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T21:13:49.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-18198 (GCVE-0-2017-18198)
Vulnerability from nvd – Published: 2018-02-24 06:00 – Updated: 2024-08-05 21:13
VLAI
EPSS
VEX
Summary
print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://savannah.gnu.org/bugs/?52265 | x_refsource_CONFIRM |
| http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/103200 | vdb-entryx_refsource_BID |
| https://access.redhat.com/errata/RHSA-2018:3246 | vendor-advisoryx_refsource_REDHAT |
Date Public
2018-02-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:13:49.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://savannah.gnu.org/bugs/?52265"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz"
},
{
"name": "103200",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103200"
},
{
"name": "RHSA-2018:3246",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3246"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-31T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://savannah.gnu.org/bugs/?52265"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz"
},
{
"name": "103200",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103200"
},
{
"name": "RHSA-2018:3246",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3246"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://savannah.gnu.org/bugs/?52265",
"refsource": "CONFIRM",
"url": "https://savannah.gnu.org/bugs/?52265"
},
{
"name": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz",
"refsource": "CONFIRM",
"url": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz"
},
{
"name": "103200",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103200"
},
{
"name": "RHSA-2018:3246",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3246"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18198",
"datePublished": "2018-02-24T06:00:00.000Z",
"dateReserved": "2018-02-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T21:13:49.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6613 (GCVE-0-2007-6613)
Vulnerability from nvd – Published: 2008-01-03 22:00 – Updated: 2024-08-07 16:11
VLAI
EPSS
VEX
Summary
Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info.c) in GNU Compact Disc Input and Control Library (libcdio) 0.79 and earlier allows context-dependent attackers to cause a denial of service (core dump) and possibly execute arbitrary code via a disk or image that contains a long joilet file name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
Date Public
2007-12-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:11:06.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-580-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-580-1"
},
{
"name": "29242",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29242"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427197"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=203777"
},
{
"name": "28308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28308"
},
{
"name": "SUSE-SR:2008:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
},
{
"name": "ADV-2008-0030",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0030"
},
{
"name": "[libcdio-devel] 20071231 buffer overrun in cd-info and iso-info and a release?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/libcdio-devel/2007-12/msg00009.html"
},
{
"name": "GLSA-200801-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-08.xml"
},
{
"name": "27131",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27131"
},
{
"name": "MDVSA-2008:037",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:037"
},
{
"name": "libcdio-printiso9660recurse-bo(39405)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39405"
},
{
"name": "28970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28970"
},
{
"name": "28796",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28796"
},
{
"name": "28569",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28569"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info.c) in GNU Compact Disc Input and Control Library (libcdio) 0.79 and earlier allows context-dependent attackers to cause a denial of service (core dump) and possibly execute arbitrary code via a disk or image that contains a long joilet file name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-580-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-580-1"
},
{
"name": "29242",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29242"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427197"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=203777"
},
{
"name": "28308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28308"
},
{
"name": "SUSE-SR:2008:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
},
{
"name": "ADV-2008-0030",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0030"
},
{
"name": "[libcdio-devel] 20071231 buffer overrun in cd-info and iso-info and a release?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/libcdio-devel/2007-12/msg00009.html"
},
{
"name": "GLSA-200801-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-08.xml"
},
{
"name": "27131",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27131"
},
{
"name": "MDVSA-2008:037",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:037"
},
{
"name": "libcdio-printiso9660recurse-bo(39405)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39405"
},
{
"name": "28970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28970"
},
{
"name": "28796",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28796"
},
{
"name": "28569",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28569"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info.c) in GNU Compact Disc Input and Control Library (libcdio) 0.79 and earlier allows context-dependent attackers to cause a denial of service (core dump) and possibly execute arbitrary code via a disk or image that contains a long joilet file name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-580-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-580-1"
},
{
"name": "29242",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29242"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=427197",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427197"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=203777",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=203777"
},
{
"name": "28308",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28308"
},
{
"name": "SUSE-SR:2008:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
},
{
"name": "ADV-2008-0030",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0030"
},
{
"name": "[libcdio-devel] 20071231 buffer overrun in cd-info and iso-info and a release?",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/libcdio-devel/2007-12/msg00009.html"
},
{
"name": "GLSA-200801-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-08.xml"
},
{
"name": "27131",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27131"
},
{
"name": "MDVSA-2008:037",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:037"
},
{
"name": "libcdio-printiso9660recurse-bo(39405)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39405"
},
{
"name": "28970",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28970"
},
{
"name": "28796",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28796"
},
{
"name": "28569",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28569"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6613",
"datePublished": "2008-01-03T22:00:00.000Z",
"dateReserved": "2008-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:11:06.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36600 (GCVE-0-2024-36600)
Vulnerability from cvelistv5 – Published: 2024-06-14 00:00 – Updated: 2026-01-20 20:04
VLAI
EPSS
VEX
Summary
Buffer Overflow Vulnerability in libcdio 2.2.0 (fixed in 2.3.0) allows an attacker to execute arbitrary code via a crafted ISO 9660 image file.
Severity
8.4 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gnu:libcdio:2.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "libcdio",
"vendor": "gnu",
"versions": [
{
"status": "affected",
"version": "2.1.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36600",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-14T19:58:14.360916Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T20:01:57.509Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:05.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/gashasbi/My-Reports/tree/main/CVE-2024-36600"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow Vulnerability in libcdio 2.2.0 (fixed in 2.3.0) allows an attacker to execute arbitrary code via a crafted ISO 9660 image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T20:04:11.488Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/gashasbi/My-Reports/tree/main/CVE-2024-36600"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292833"
},
{
"url": "https://github.com/libcdio/libcdio/pull/32"
},
{
"url": "https://github.com/libcdio/libcdio/pull/46"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-36600",
"datePublished": "2024-06-14T00:00:00.000Z",
"dateReserved": "2024-05-30T00:00:00.000Z",
"dateUpdated": "2026-01-20T20:04:11.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-18201 (GCVE-0-2017-18201)
Vulnerability from cvelistv5 – Published: 2018-02-26 14:00 – Updated: 2024-08-05 21:13
VLAI
EPSS
VEX
Summary
An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/103190 | vdb-entryx_refsource_BID |
| https://git.savannah.gnu.org/cgit/libcdio.git/com… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2018:3246 | vendor-advisoryx_refsource_REDHAT |
Date Public
2018-02-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:13:49.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103190",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103190"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.savannah.gnu.org/cgit/libcdio.git/commit/?id=f6f9c48fb40b8a1e8218799724b0b61a7161eb1d"
},
{
"name": "RHSA-2018:3246",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3246"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-31T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "103190",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103190"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.savannah.gnu.org/cgit/libcdio.git/commit/?id=f6f9c48fb40b8a1e8218799724b0b61a7161eb1d"
},
{
"name": "RHSA-2018:3246",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3246"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103190",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103190"
},
{
"name": "https://git.savannah.gnu.org/cgit/libcdio.git/commit/?id=f6f9c48fb40b8a1e8218799724b0b61a7161eb1d",
"refsource": "CONFIRM",
"url": "https://git.savannah.gnu.org/cgit/libcdio.git/commit/?id=f6f9c48fb40b8a1e8218799724b0b61a7161eb1d"
},
{
"name": "RHSA-2018:3246",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3246"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18201",
"datePublished": "2018-02-26T14:00:00.000Z",
"dateReserved": "2018-02-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T21:13:49.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-18199 (GCVE-0-2017-18199)
Vulnerability from cvelistv5 – Published: 2018-02-24 06:00 – Updated: 2024-08-05 21:13
VLAI
EPSS
VEX
Summary
realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://savannah.gnu.org/bugs/?52264 | x_refsource_CONFIRM |
| http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2018:3246 | vendor-advisoryx_refsource_REDHAT |
| http://www.securityfocus.com/bid/103202 | vdb-entryx_refsource_BID |
Date Public
2018-02-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:13:49.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://savannah.gnu.org/bugs/?52264"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz"
},
{
"name": "RHSA-2018:3246",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3246"
},
{
"name": "103202",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103202"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-31T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://savannah.gnu.org/bugs/?52264"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz"
},
{
"name": "RHSA-2018:3246",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3246"
},
{
"name": "103202",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103202"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://savannah.gnu.org/bugs/?52264",
"refsource": "CONFIRM",
"url": "https://savannah.gnu.org/bugs/?52264"
},
{
"name": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz",
"refsource": "CONFIRM",
"url": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz"
},
{
"name": "RHSA-2018:3246",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3246"
},
{
"name": "103202",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103202"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18199",
"datePublished": "2018-02-24T06:00:00.000Z",
"dateReserved": "2018-02-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T21:13:49.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-18198 (GCVE-0-2017-18198)
Vulnerability from cvelistv5 – Published: 2018-02-24 06:00 – Updated: 2024-08-05 21:13
VLAI
EPSS
VEX
Summary
print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://savannah.gnu.org/bugs/?52265 | x_refsource_CONFIRM |
| http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/103200 | vdb-entryx_refsource_BID |
| https://access.redhat.com/errata/RHSA-2018:3246 | vendor-advisoryx_refsource_REDHAT |
Date Public
2018-02-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:13:49.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://savannah.gnu.org/bugs/?52265"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz"
},
{
"name": "103200",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103200"
},
{
"name": "RHSA-2018:3246",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3246"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-02-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-31T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://savannah.gnu.org/bugs/?52265"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz"
},
{
"name": "103200",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103200"
},
{
"name": "RHSA-2018:3246",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3246"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://savannah.gnu.org/bugs/?52265",
"refsource": "CONFIRM",
"url": "https://savannah.gnu.org/bugs/?52265"
},
{
"name": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz",
"refsource": "CONFIRM",
"url": "http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz"
},
{
"name": "103200",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103200"
},
{
"name": "RHSA-2018:3246",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3246"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18198",
"datePublished": "2018-02-24T06:00:00.000Z",
"dateReserved": "2018-02-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T21:13:49.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6613 (GCVE-0-2007-6613)
Vulnerability from cvelistv5 – Published: 2008-01-03 22:00 – Updated: 2024-08-07 16:11
VLAI
EPSS
VEX
Summary
Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info.c) in GNU Compact Disc Input and Control Library (libcdio) 0.79 and earlier allows context-dependent attackers to cause a denial of service (core dump) and possibly execute arbitrary code via a disk or image that contains a long joilet file name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
15 references
Date Public
2007-12-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:11:06.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-580-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-580-1"
},
{
"name": "29242",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29242"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427197"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=203777"
},
{
"name": "28308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28308"
},
{
"name": "SUSE-SR:2008:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
},
{
"name": "ADV-2008-0030",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0030"
},
{
"name": "[libcdio-devel] 20071231 buffer overrun in cd-info and iso-info and a release?",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/libcdio-devel/2007-12/msg00009.html"
},
{
"name": "GLSA-200801-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-08.xml"
},
{
"name": "27131",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27131"
},
{
"name": "MDVSA-2008:037",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:037"
},
{
"name": "libcdio-printiso9660recurse-bo(39405)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39405"
},
{
"name": "28970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28970"
},
{
"name": "28796",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28796"
},
{
"name": "28569",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28569"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info.c) in GNU Compact Disc Input and Control Library (libcdio) 0.79 and earlier allows context-dependent attackers to cause a denial of service (core dump) and possibly execute arbitrary code via a disk or image that contains a long joilet file name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-580-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-580-1"
},
{
"name": "29242",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29242"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427197"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=203777"
},
{
"name": "28308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28308"
},
{
"name": "SUSE-SR:2008:005",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
},
{
"name": "ADV-2008-0030",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0030"
},
{
"name": "[libcdio-devel] 20071231 buffer overrun in cd-info and iso-info and a release?",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/libcdio-devel/2007-12/msg00009.html"
},
{
"name": "GLSA-200801-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200801-08.xml"
},
{
"name": "27131",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27131"
},
{
"name": "MDVSA-2008:037",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:037"
},
{
"name": "libcdio-printiso9660recurse-bo(39405)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39405"
},
{
"name": "28970",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28970"
},
{
"name": "28796",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28796"
},
{
"name": "28569",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28569"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info.c) in GNU Compact Disc Input and Control Library (libcdio) 0.79 and earlier allows context-dependent attackers to cause a denial of service (core dump) and possibly execute arbitrary code via a disk or image that contains a long joilet file name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-580-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-580-1"
},
{
"name": "29242",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29242"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=427197",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427197"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=203777",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=203777"
},
{
"name": "28308",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28308"
},
{
"name": "SUSE-SR:2008:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
},
{
"name": "ADV-2008-0030",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0030"
},
{
"name": "[libcdio-devel] 20071231 buffer overrun in cd-info and iso-info and a release?",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/libcdio-devel/2007-12/msg00009.html"
},
{
"name": "GLSA-200801-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200801-08.xml"
},
{
"name": "27131",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27131"
},
{
"name": "MDVSA-2008:037",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:037"
},
{
"name": "libcdio-printiso9660recurse-bo(39405)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39405"
},
{
"name": "28970",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28970"
},
{
"name": "28796",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28796"
},
{
"name": "28569",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28569"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6613",
"datePublished": "2008-01-03T22:00:00.000Z",
"dateReserved": "2008-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:11:06.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}