CVE-2007-6613

Published: 03/01/2008 Updated: 08/08/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info.c) in GNU Compact Disc Input and Control Library (libcdio) 0.79 and previous versions allows context-dependent malicious users to cause a denial of service (core dump) and possibly execute arbitrary code via a disk or image that contains a long Joliet file name.

Vulnerable Product

gnu libcdio

Vendor Advisories

Debian Bug report logs - #459129 libcdio: CVE-2007-6613 stack-based buffer overflow in print_iso9660_recurse function. Package: libcdio; Maintainer for libcdio is Debian QA Group <packages@qa.debian.org>; Reported by: Nico Golde <nion@debian.org>; Date: Fri, 4 Jan 2008 13:30:54 UTC; Severity: grave; Tags: patch, securit ...
Devon Miller discovered that the iso-info and cd-info tools did not properly perform bounds checking. If a user were tricked into using these tools with a crafted iso image, an attacker could cause a denial of service (core dump) and possibly execute arbitrary code ...

Exploits

source: www.securityfocus.com/bid/27131/info The GNU Compact Disc Input and Control Library ('libcdio') is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data. The issues occur when the 'cd-info' and 'iso-info' programs handle specially crafted ISO files. Successfull ...