CVE-2015-8836

Published: 30/03/2016 Updated: 19/02/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.3 | Impact Score: 5.9 | Exploitability Score: 1.3
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Integer overflow in the isofs_real_read_zf function in isofs.c in FuseISO 20070708 might allow remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via a large ZF block size in an ISO file, leading to a heap-based buffer overflow.

Vulnerable Product

fedoraproject fedora 16

fedoraproject fedora 17

fuseiso project fuseiso

Vendor Advisories

Debian Bug report logs - #779047: Two security issues
Package: fuseiso; Maintainer for fuseiso is David Paleino <dapal@debian.org>; Source for fuseiso is src:fuseiso
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Mon, 23 Feb 2015 17:51:01 UTC
Severity: grave
Tags: jessie, security, sid, ...

It was discovered that fuseiso, a user-space implementation of the ISO 9660 file system based on FUSE, contains several vulnerabilities.
CVE-2015-8836
A stack-based buffer overflow may allow attackers who can trick a user into mounting a crafted ISO 9660 file system to cause a denial of service (crash), or, potentially, execute arbitra ...