Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 650898 - <dev-libs/libcdio{1.0.0,2.0.0}: Multiple vulnerabilities
Summary: <dev-libs/libcdio{1.0.0,2.0.0}: Multiple vulnerabilities
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve blocked]
Depends on: CVE-2017-18201
  Show dependency tree
Reported: 2018-03-19 15:00 UTC by GLSAMaker/CVETool Bot
Modified: 2020-04-16 06:56 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2018-03-19 15:00:09 UTC
CVE-2017-18201 (
  An issue was discovered in GNU libcdio before 2.0.0. There is a double free
  in get_cdtext_generic() in lib/driver/_cdio_generic.c.

CVE-2017-18199 (
  realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote
  attackers to cause a denial of service (NULL Pointer Dereference) via a
  crafted iso file.

CVE-2017-18198 (
  print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows
  remote attackers to cause a denial of service (heap-based buffer over-read)
  or possibly have unspecified other impact via a crafted iso file.

@Maintainers versions 2.0.0 and 1.0.0 already in tree. Please call for stabilization when ready.

Thank you.
Comment 1 NATTkA bot gentoo-dev 2020-04-12 19:30:52 UTC
Resetting sanity check; package list is empty or all packages are done.
Comment 2 Yury German Gentoo Infrastructure gentoo-dev Security 2020-04-16 06:56:09 UTC
GLSA Vote: No
Cleanup is being done as part of Depending bug.
Thank you all for you work. 
Closing as [noglsa].