Lucene search
Devon MillerEDB-ID:30985HistoryDec 30, 2007 - 12:00 a.m.
libcdio 0.7x - GNU Compact Disc Input and Control Library Buffer Overflow
2007-12-3000:00:00
Devon Miller
www.exploit-db.com
16
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/27131/info
The GNU Compact Disc Input and Control Library ('libcdio') is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.
The issues occur when the 'cd-info' and 'iso-info' programs handle specially crafted ISO files.
Successfully exploiting these issues may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts likely result in denial-of-service conditions.
The issues affect libcdio 0.79; other versions may also be affected.
Steps to Reproduce:
1. mkdir -p tmp/dir1
2. echo file_with_really_really_long_silly_name_to_test_iso_info_buffer
3. mkisofs -J -R -volid My_Image -o test.iso tmp
4. iso-info -l test.iso Related
openvas
openvas
Fedora Update for libcdio FEDORA-2008-0136
2009-02-17 00:00:00
Mandriva Update for libcdio MDVSA-2008:037 (libcdio)
2009-04-09 00:00:00
SLES10: Security update for libcdio
2009-10-13 00:00:00
ubuntu
ubuntu
libcdio vulnerability
2008-02-20 00:00:00
debiancve
debiancve
CVE-2007-6613
2008-01-03 22:46:00
nessus
nessus
SuSE 10 Security Update : libcdio (ZYPP Patch Number 5060)
2008-03-07 00:00:00
Mandriva Linux Security Advisory : libcdio (MDVSA-2008:037)
2009-04-23 00:00:00
openSUSE 10 Security Update : libcdio (libcdio-5061)
2008-03-07 00:00:00
gentoo
gentoo
libcdio: User-assisted execution of arbitrary code
2008-01-20 00:00:00
ubuntucve
ubuntucve
CVE-2007-6613
2008-01-03 00:00:00
prion
prion
Stack overflow
2008-01-03 22:46:00
seebug
seebug
GNU libcdio库cd-info/iso-info文件栈溢出漏洞
2008-01-08 00:00:00
cvelist
cvelist
CVE-2007-6613
2008-01-03 22:00:00
cve
cve
CVE-2007-6613
2008-01-03 22:46:00
nvd
nvd
CVE-2007-6613
2008-01-03 22:46:00