vulnerability
Oracle Linux: CVE-2017-18198: ELSA-2018-3246: libcdio security update (LOW) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:L/AC:L/Au:S/C:P/I:N/A:P) | Feb 27, 2018 | Nov 6, 2018 | Nov 29, 2024 |
Severity
3
CVSS
(AV:L/AC:L/Au:S/C:P/I:N/A:P)
Published
Feb 27, 2018
Added
Nov 6, 2018
Modified
Nov 29, 2024
Description
print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.
A heap corruption bug was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files, thus resulting in local DoS.
A heap corruption bug was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files, thus resulting in local DoS.
Solutions
oracle-linux-upgrade-libcdiooracle-linux-upgrade-libcdio-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.