13 matches found
CVE-2026-48681
A flaw was found in OpenStack Ironic before 35.0.2. A directory traversal vulnerability during deployment allows an attacker to overwrite files on the system when a crafted ISO image is used. This can compromise confidentiality and integrity of files on the deployment target...
Linux Distros Unpatched Vulnerability : CVE-2024-36600
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer Overflow Vulnerability in libcdio 2.2.0 fixed in 2.3.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file. CVE-2024-36600 Not...
MiracleLinux 7 : libcdio-0.92-3.0.1.el7.AXS7 (AXSA:2024-8818:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8818:01 advisory. CVE-2024-36600: Allocate more space for buffer, prevent overflow, CVEs: CVE-2024-36600 Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002367)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002367 advisory. The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service unkillable mount proce...
PT-2026-26290
Name of the Vulnerable Software and Affected Versions: libarchive (affected versions not specified). Description: An issue exists in libarchive’s zisofs decompression logic. Improper validation of the pz_log2_bs field read from ISO9660 Rock Ridge extensions can lead to undefined behavior. An attacker...
UBUNTU-CVE-2024-36600
Buffer Overflow Vulnerability in libcdio 2.2.0 fixed in 2.3.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file...
K17245: Linux kernel vulnerability CVE-2014-9584
Security Advisory Description: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted...
SUSE CVE-2014-9584
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image...
SUSE CVE-2016-5844
Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file...
kernel: isofs: unbound recursion when processing relocated directories
It was found that the parse_rock_ridge_inode_internal function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the...
kernel: isofs: unbound recursion when processing relocated directories
It was found that the parse_rock_ridge_inode_internal function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the...
kernel: isofs: unbound recursion when processing relocated directories
It was found that the parse_rock_ridge_inode_internal function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the...
kernel: isofs: unbound recursion when processing relocated directories
It was found that the parse_rock_ridge_inode_internal function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the...