CVE-2015-8837

Published: 30/03/2016 Updated: 27/07/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.3 | Impact Score: 5.9 | Exploitability Score: 1.3
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Stack-based buffer overflow in the isofs_real_readdir function in isofs.c in FuseISO 20070708 allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a long pathname in an ISO file.

Vulnerable Product

fuseiso project fuseiso

debian debian linux 7.0

debian debian linux 8.0

fedoraproject fedora 16

fedoraproject fedora 17

Vendor Advisories

Debian Bug report logs - #779047
Two security issues
Package: fuseiso; Maintainer for fuseiso is David Paleino <dapal@debian.org>; Source for fuseiso is src:fuseiso
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Mon, 23 Feb 2015 17:51:01 UTC
Severity: grave
Tags: jessie, security, sid, ...

It was discovered that fuseiso, a user-space implementation of the ISO 9660 file system based on FUSE, contains several vulnerabilities.

CVE-2015-8836: A stack-based buffer overflow may allow attackers who can trick a user into mounting a crafted ISO 9660 file system to cause a denial of service (crash), or, potentially, execute arbitra ...