18 matches found
SUSE: Security Advisory (SUSE-SU-2018:0673-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Huawei EulerOS: Security Advisory for libcdio (EulerOS-SA-2018-1390)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Huawei EulerOS: Security Advisory for libcdio (EulerOS-SA-2018-1082)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for libcdio (EulerOS-SA-2018-1081)
The remote host is missing an update for the Huawei EulerOS...
openSUSE Security Update : libcdio (openSUSE-2019-599)
This update for libcdio fixes the following issues: The following security vulnerabilities were addressed: - CVE-2017-18199: Fixed a NULL pointer dereference in realloc_symlink in rock.c (bsc#1082821) - CVE-2017-18201: Fixed a double free vulnerability in get_cdtext_generic in _cdio_generic.c (bsc#108287...
Amazon Linux 2 : libcdio (ALAS-2019-1151)
A heap corruption bug was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files, thus resulting in local DoS (CVE-2017-18198). A double-free flaw was found in the wa...
SUSE SLED15 / SLES15 Security Update : libcdio (SUSE-SU-2018:2236-1)
This update for libcdio fixes the following issues: The following security vulnerabilities were addressed: - CVE-2017-18199: Fixed a NULL pointer dereference in realloc_symlink in rock.c (bsc#1082821) - CVE-2017-18201: Fixed a double free vulnerability in get_cdtext_generic in _cdio_generic.c (bsc#1082877...
Scientific Linux Security Update : libcdio on SL7.x x86_64 (20181030)
Security Fixes: - libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c (CVE-2017-18198) - libcdio: NULL pointer dereference in realloc_symlink in rock.c (CVE-2017-18199) - libcdio: Double free in get_cdtext_generic in lib/driver/_cdio_generic.c (CVE-2017-18201) (C) Tenable Netwo...
CentOS 7 : libcdio (CESA-2018:3246)
An update for libcdio is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Oracle Linux 7 : libcdio (ELSA-2018-3246)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-3246 advisory. - fix CVE-2017-18198 and CVE-2017-18199 - fix CVE-2017-18201 Tenable has extracted the preceding description block directly from the Oracle Linux...
libcdio security update
0.92-3 - fix CVE-2017-18198 and CVE-2017-18199 - Resolves: rhbz#1553769 - Resolves: rhbz#1553604 0.92-2 - fix CVE-2017-18201 - Resolves: rhbz#1553621...
openSUSE: Security Advisory for libcdio (openSUSE-SU-2018:2294-1)
The remote host is missing an update for the Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : libcdio (openSUSE-2018-857)
This update for libcdio fixes the following issues: The following security vulnerabilities were addressed: - CVE-2017-18199: Fixed a NULL pointer dereference in realloc_symlink in rock.c (bsc#1082821) - CVE-2017-18201: Fixed a double free vulnerability in get_cdtext_generic in _cdio_generic.c (bsc#108287...
Updated libcdio packages fix security vulnerabilities
A heap corruption bug was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files, thus resulting in local DoS (CVE-2017-18198). A NULL pointer dereference flaw was...
Fedora 26 : libcdio (2018-199e6065ee)
Added patch to fix: CVE-2017-18198 1549644 Added patch to fix: CVE-2017-18199 1549701 Added patches to fix: CVE-2017-18201 1549707 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automaticall...
SUSE SLED12 / SLES12 Security Update : libcdio (SUSE-SU-2018:0673-1)
This update for libcdio fixes the following issues: - CVE-2017-18201: Fixed a double free vulnerability (bsc#1082877). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format i...
CVE-2017-18201
An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic in lib/driver/_cdio_generic.c...
CVE-2017-18201
CVE-2017-18201 describes a double free in libcdio's get_cdtext_generic() in lib/driver/_cdio_generic.c, affecting libcdio versions prior to 2.0.0. The connected advisories (SUSE, Amazon Linux 2, CentOS/RHEL, EulerOS, etc.) indicate this issue was fixed in their respective libcdio updates (e...