Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the CFileId::Parse function of the UDF disc image handler's File Identifier Descriptor parser. An attacker can access sensitive information or cause a crash by crafting a malicious UDF image that triggers an...

EUVD-2026-34850

7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up to 3 bytes in the UDF disc image handler's File Identifier Descriptor parser. In CFileId::Parse CPP/7zip/Archive/Udf/UdfIn.cpp, after validating size 38 + idLen + impLen and...

PT-2026-46971

Name of the Vulnerable Software and Affected Versions 7-Zip versions 9.11 through 26.00 Description A heap out-of-bounds read of up to 3 bytes exists in the UDF disc image handler's File Identifier Descriptor parser. In the CFileId::Parse function, an alignment-padding loop reads data to reach a...

CVE-2018-25267 UltraISO 9.7.1.3519 Buffer Overflow via Output FileName

UltraISO 9.7.1.3519 contains a local buffer overflow vulnerability in the Output FileName field of the Make CD/DVD Image dialog that allows attackers to overwrite SEH and SE handler records. Attackers can craft a malicious filename string with 304 bytes of data followed by SEH record overwrite...

Linux Distros Unpatched Vulnerability : CVE-2026-4426

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs...

DEBIAN-CVE-2025-67749

PCSX2 is a free and open-source PlayStation 2 PS2 emulator. In versions 2.5.377 and below, an unchecked offset and size used in a memcpy operation inside PCSX2's CDVD SCMD 0x91 and SCMD 0x8F handlers allow a specially crafted disc image or ELF to cause an out-of-bounds read from emulator memory...

CVE-2025-67749 PCSX2 has an Out-of-bounds Read due to unchecked offset and size passed to memcpy

PCSX2 is a free and open-source PlayStation 2 PS2 emulator. In versions 2.5.377 and below, an unchecked offset and size used in a memcpy operation inside PCSX2's CDVD SCMD 0x91 and SCMD 0x8F handlers allow a specially crafted disc image or ELF to cause an out-of-bounds read from emulator memory...

CVE-2025-67749

CVE-2025-67749 affects PCSX2 up to version 2.5.377. The issue arises from an unchecked offset and size used in a memcpy inside CDVD SCMD 0x91 and 0x8F handlers, allowing an specially crafted disc image or ELF to cause an out-of-bounds read from emulator memory (offset/size controlled via MG heade...

Linux Distros Unpatched Vulnerability : CVE-2025-49589

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PCSX2 is a free and open-source PlayStation 2 PS2 emulator. A stack-based buffer overflow exists in the KprintfHLE function of PCSX2 versions up to 2.3.414...

SUSE CVE-2024-36600

Buffer Overflow Vulnerability in libcdio 2.2.0 fixed in 2.3.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file...

China-Linked Hackers Target Myanmar's Top Ministries with Backdoor Blitz

The China-based threat actor known as Mustang Panda is suspected to have targeted Myanmar's Ministry of Defence and Foreign Affairs as part of twin campaigns designed to deploy backdoors and remote access trojans. The findings come from CSIRT-CTI, which said the activities took place in November...

SUSE CVE-2015-8930

bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service infinite loop via an ISO with a directory that is a member of itself...

The vulnerability of the file system driver of the Microsoft Windows operating system allows a hacker to execute arbitrary code.

The vulnerability of the file system driver for the Microsoft Windows operating system is related to a numerical overflow condition. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created ISO file...

PT-2022-5404 · Microsoft · Windows Cd-Rom File System Driver +1

Name of the Vulnerable Software and Affected Versions: Windows CD-ROM File System Driver affected versions not specified Description: The issue is related to an integer overflow in the Windows CD-ROM File System Driver. This allows a remote attacker to execute arbitrary code by using a specially...

CVE-2020-9320

Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. This affects versions before 8.3.54.138 of Antivirus for Endpoint, Antivirus for Small Business, Exchange Security Gateway, Internet Security Suite for Windows, Prime, Free Security Suite for Windows, and...

libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c

A heap corruption bug was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files, thus resulting in local DoS...

DEBIAN-CVE-2016-6250

Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service application crash or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow...

kernel: isofs: unchecked printing of ER records

An information leak flaw was found in the way the Linux kernel's ISO9660 file system implementation accessed data on an ISO9660 image with RockRidge Extension Reference ER records. An attacker with physical access to the system could use this flaw to disclose up to 255 bytes of kernel memory...

kernel: isofs: unchecked printing of ER records

An information leak flaw was found in the way the Linux kernel's ISO9660 file system implementation accessed data on an ISO9660 image with RockRidge Extension Reference ER records. An attacker with physical access to the system could use this flaw to disclose up to 255 bytes of kernel memory...

Debian DLA-155-1 : linux-2.6 security update

This update fixes the CVEs described below. A further issue, CVE-2014-9419, was considered, but appears to require extensive changes with a consequent high risk of regression. It is now unlikely to be fixed in squeeze-lts. CVE-2013-6885 It was discovered that under specific circumstances, a...