Stack-based Buffer Overflow in GNU Compact Disc Input and Control Library
CVE-2007-6613

Currently unrated

Key Information:

Vendor: Gnu
Status: Libcdio
Vendor: CVE Published:; 3 January 2008

Summary

A stack-based buffer overflow exists within the print_iso9660_recurse function of the GNU Compact Disc Input and Control Library (libcdio) version 0.79 and earlier. This vulnerability allows context-specific attackers to exploit the flaw by delivering a specially crafted disk or disk image with excessively long Joliet file names, potentially leading to a denial of service through a core dump. Furthermore, this issue may allow for the execution of arbitrary code, posing significant security risks to affected systems.

References

http://www.ubuntu.com/usn/usn-580-1

vendor-advisoryx_refsource_UBUNTU

http://secunia.com/advisories/29242

third-party-advisoryx_refsource_SECUNIA

https://bugzilla.redhat.com/show_bug.cgi?id=427197

x_refsource_CONFIRM

EPSS Score

23% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 3, 2008
Vulnerability Reserved
Jan 3, 2008