libcdio
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | GNU Compact Disc Input and Control Library |
| Version | 2.1.0-3 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-641 | 1.1.0-1 | 2.0.0-1 | High | Fixed | |
| AVG-638 | 0.94-1 | 1.0.0-1 | Medium | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2017-18201 | AVG-641 | High | Yes | Arbitrary code execution | An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c. |
| CVE-2017-18199 | AVG-638 | Medium | Yes | Denial of service | realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file. |
| CVE-2017-18198 | AVG-638 | Medium | Yes | Denial of service | print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over- read) or... |