AVG-639 log
| Package | lib32-libcdio |
| Status | Unknown |
| Severity | High |
| Type | multiple issues |
| Affected | 0.94-1 |
| Fixed | 2.0.0-1 |
| Current | Removed |
| Ticket | None |
| Created | Mon Feb 26 12:14:56 2018 |

| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2017-18201 | High | Yes | Arbitrary code execution | An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c. |
| CVE-2017-18199 | Medium | Yes | Denial of service | realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file. |
| CVE-2017-18198 | Medium | Yes | Denial of service | print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or... |