GnuLibcdio

5 matches found

CVE
added 2018/02/26 2:0 p.m. | 99 views

CVE-2017-18201

CVE-2017-18201 describes a double-free in libcdio's get_cdtext_generic() in lib/driver/_cdio_generic.c, affecting libcdio versions prior to 2.0.0. The connected advisories (SUSE, Amazon Linux 2, CentOS/RHEL, EulerOS, etc.) indicate this issue was fixed in their respective libcdio updates (e...

CVSS 9.8 | AI score 9.2 | EPSS 0.03426
CVE
added 2018/02/24 6:0 a.m. | 91 views

CVE-2017-18199

CVE-2017-18199 affects libcdio (GNU) via realloc_symlink in rock.c. A NULL pointer dereference can be triggered by processing a crafted ISO file, enabling remote denial of service. The vulnerability is present in libcdio versions before 1.0.0. Remediation: upgrade to libcdio 1.0.0 or newer (vendo...

CVSS 6.5 | AI score 7 | EPSS 0.03455
CVE
added 2018/02/24 6:0 a.m. | 83 views

CVE-2017-18198

CVE-2017-18198 affects libcdio’s ISO handling: print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a heap-based buffer over-read (and possibly other impact) by supplying a crafted ISO file. The connected advisories confirm multiple vendors package libc...

CVSS 8.8 | AI score 9.2 | EPSS 0.03553
CVE
added 2024/06/14 12:0 a.m. | 64 views

CVE-2024-36600

CVE-2024-36600 is a buffer overflow in libcdio 2.2.0 that allows an attacker to execute arbitrary code by crafting an ISO 9660 image. The issue stems from improper handling during parsing, leading to a potential code execution path. A fix exists in libcdio 2.3.0. Affected component: libcdio (libr...

CVSS 8.4 | AI score 8 | EPSS 0.00363
CVE
added 2008/01/03 10:0 p.m. | 61 views

CVE-2007-6613

CVE-2007-6613 is a stack-based buffer overflow in libcdio (libcdio 0.79 and earlier) within the print_iso9660_recurse function of iso-info.c. The overflow can be triggered by a disk or image containing a long Joliet filename, allowing a context-dependent attacker to cause a denial of service (cor...

CVSS 5 | AI score 7.5 | EPSS 0.12725