Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-6613Improper Restriction of Operations within the Bounds of a Memory Buffer in Libcdio

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents9 sources
Severity
5.0MEDIUMNVD
EPSS
23.0%
top 4.09%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
GNU Libcdio
Timeline
PublishedJan 3
Latest updateMay 1

Description

Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info.c) in GNU Compact Disc Input and Control Library (libcdio) 0.79 and earlier allows context-dependent attackers to cause a denial of service (core dump) and possibly execute arbitrary code via a disk or image that contains a long joilet file name.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

Debiangnu/libcdio< 0.78.2+dfsg1-2+3
NVDgnu/libcdio0.79

Patches

Patch: bugs.gentoo.orgPatch: bugs.gentoo.org

🔴Vulnerability Details

3
GHSA
GHSA-gqgc-w8q7-2g6q: Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info2022-05-01
CVEList
CVE-2007-6613: Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info2008-01-03
OSV
CVE-2007-6613: Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info2008-01-03

💥Exploits & PoCs

1
Exploit-DB
libcdio 0.7x - GNU Compact Disc Input and Control Library Buffer Overflow2007-12-30

📋Vendor Advisories

3
Ubuntu
libcdio vulnerability2008-02-20
Red Hat
libcdio: long Joliet file name buffer overflow2007-12-30
Debian
CVE-2007-6613: libcdio - Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (s...2007

💬Community

1
Bugzilla
CVE-2007-6613 libcdio: long Joliet file name buffer overflow2008-01-02