Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 650898 - <dev-libs/libcdio{1.0.0,2.0.0}: Multiple vulnerabilities
Summary: <dev-libs/libcdio{1.0.0,2.0.0}: Multiple vulnerabilities
Status: IN_PROGRESS
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa? cve blocked]
Keywords:
Depends on: CVE-2017-18201
Blocks:
  Show dependency tree
 
Reported: 2018-03-19 15:00 UTC by GLSAMaker/CVETool Bot
Modified: 2019-03-24 19:50 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2018-03-19 15:00:09 UTC
CVE-2017-18201 (https://nvd.nist.gov/vuln/detail/CVE-2017-18201):
  An issue was discovered in GNU libcdio before 2.0.0. There is a double free
  in get_cdtext_generic() in lib/driver/_cdio_generic.c.

CVE-2017-18199 (https://nvd.nist.gov/vuln/detail/CVE-2017-18199):
  realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote
  attackers to cause a denial of service (NULL Pointer Dereference) via a
  crafted iso file.

CVE-2017-18198 (https://nvd.nist.gov/vuln/detail/CVE-2017-18198):
  print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows
  remote attackers to cause a denial of service (heap-based buffer over-read)
  or possibly have unspecified other impact via a crafted iso file.


@Maintainers versions 2.0.0 and 1.0.0 already in tree. Please call for stabilization when ready.

Thank you.