An issue was discovered in GNU libcdio before 2.0.0. There is a double free
in get_cdtext_generic() in lib/driver/_cdio_generic.c.
realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote
attackers to cause a denial of service (NULL Pointer Dereference) via a
crafted iso file.
print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows
remote attackers to cause a denial of service (heap-based buffer over-read)
or possibly have unspecified other impact via a crafted iso file.
@Maintainers versions 2.0.0 and 1.0.0 already in tree. Please call for stabilization when ready.