Vulnerability Details CVE-2017-18199
realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 80.9%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz
- http://www.securityfocus.com/bid/103202
- https://access.redhat.com/errata/RHSA-2018:3246
- https://savannah.gnu.org/bugs/?52264
- http://ftp.gnu.org/gnu/libcdio/libcdio-1.0.0.tar.gz
- http://www.securityfocus.com/bid/103202
- https://access.redhat.com/errata/RHSA-2018:3246
- https://savannah.gnu.org/bugs/?52264
Products affected by CVE-2017-18199
-
cpe:2.3:a:gnu:libcdio:-
-
cpe:2.3:a:gnu:libcdio:0.1
-
cpe:2.3:a:gnu:libcdio:0.2
-
cpe:2.3:a:gnu:libcdio:0.3
-
cpe:2.3:a:gnu:libcdio:0.5
-
cpe:2.3:a:gnu:libcdio:0.6
-
cpe:2.3:a:gnu:libcdio:0.61
-
cpe:2.3:a:gnu:libcdio:0.62
-
cpe:2.3:a:gnu:libcdio:0.63
-
cpe:2.3:a:gnu:libcdio:0.64
-
cpe:2.3:a:gnu:libcdio:0.65
-
cpe:2.3:a:gnu:libcdio:0.66
-
cpe:2.3:a:gnu:libcdio:0.67
-
cpe:2.3:a:gnu:libcdio:0.68
-
cpe:2.3:a:gnu:libcdio:0.69
-
cpe:2.3:a:gnu:libcdio:0.70
-
cpe:2.3:a:gnu:libcdio:0.71
-
cpe:2.3:a:gnu:libcdio:0.72
-
cpe:2.3:a:gnu:libcdio:0.73
-
cpe:2.3:a:gnu:libcdio:0.74
-
cpe:2.3:a:gnu:libcdio:0.75
-
cpe:2.3:a:gnu:libcdio:0.76
-
cpe:2.3:a:gnu:libcdio:0.77
-
cpe:2.3:a:gnu:libcdio:0.78
-
cpe:2.3:a:gnu:libcdio:0.78.1
-
cpe:2.3:a:gnu:libcdio:0.78.2
-
cpe:2.3:a:gnu:libcdio:0.79
-
cpe:2.3:a:gnu:libcdio:0.80
-
cpe:2.3:a:gnu:libcdio:0.81
-
cpe:2.3:a:gnu:libcdio:0.82
-
cpe:2.3:a:gnu:libcdio:0.83
-
cpe:2.3:a:gnu:libcdio:0.90
-
cpe:2.3:a:gnu:libcdio:0.91
-
cpe:2.3:a:gnu:libcdio:0.92
-
cpe:2.3:a:gnu:libcdio:0.93
-
cpe:2.3:a:gnu:libcdio:0.94