CVE-2024-36600

Опубликовано: 14 июн. 2024

Источник: debian

EPSS Низкий

Описание

Buffer Overflow Vulnerability in libcdio 2.2.0 (fixed in 2.3.0) allows an attacker to execute arbitrary code via a crafted ISO 9660 image file.

Пакет	Статус	Релиз	Тип
libcdio	unfixed		package
libcdio	no-dsa	trixie	package
libcdio	not-affected	bookworm	package
libcdio	not-affected	bullseye	package

https://github.com/gashasbi/My-Reports/tree/main/CVE-2024-36600
Introduced by: https://github.com/libcdio/libcdio/commit/4c840665c6d9cf2ff1cf0cd12f91b25030776c74 (2.1.1)
https://github.com/libcdio/libcdio/pull/32
Fixed by: https://github.com/libcdio/libcdio/commit/417478a7474af41c27ab3f876f31783fa06a5dbc (2.2.1.rc1)
https://lists.gnu.org/archive/html/libcdio-devel/2024-04/msg00000.html
https://lists.gnu.org/archive/html/libcdio-devel/2024-05/msg00005.html

EPSS

Процентиль: 24%

0.00085

Низкий

CVE-2024-36600

CVSS3: 8.4

ubuntu

почти 2 года назад

Buffer Overflow Vulnerability in libcdio 2.2.0 (fixed in 2.3.0) allows an attacker to execute arbitrary code via a crafted ISO 9660 image file.

CVE-2024-36600

CVSS3: 7.3

redhat

почти 2 года назад

Buffer Overflow Vulnerability in libcdio 2.2.0 (fixed in 2.3.0) allows an attacker to execute arbitrary code via a crafted ISO 9660 image file.

CVE-2024-36600

CVSS3: 8.4

nvd

почти 2 года назад

Buffer Overflow Vulnerability in libcdio 2.2.0 (fixed in 2.3.0) allows an attacker to execute arbitrary code via a crafted ISO 9660 image file.

GHSA-89w5-xc64-fw9r

CVSS3: 8.4

github

почти 2 года назад

Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file.

BDU:2024-04922

CVSS3: 7.3

fstec

почти 2 года назад

Уязвимость компонента ISO 9660 Image File Handler библиотеки libcdio, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 24%

0.00085

Низкий