CVE-2007-6613
Published 2008-01-03
Priority: P4, 32, medium, 5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 12.72% (95.8th percentile)
Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info.c) in GNU Compact Disc Input and Control Library (libcdio) 0.79 and earlier allows context-dependent attackers to cause a denial of service (core dump) and possibly execute arbitrary code via a disk or image that contains a long Joliet file name.
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libcdio | < libcdio 0.78.2+dfsg1-2 (bookworm) | libcdio 0.78.2+dfsg1-2 (bookworm) |
| gnu | libcdio | <= 0.79 | — |
| gnu | libcdio | >= 0 < 0.78.2+dfsg1-2 | 0.78.2+dfsg1-2 |
| gnu | libcdio | >= 0 < 0.78.2+dfsg1-2 | 0.78.2+dfsg1-2 |
| gnu | libcdio | >= 0 < 0.78.2+dfsg1-2 | 0.78.2+dfsg1-2 |
| gnu | libcdio | >= 0 < 0.78.2+dfsg1-2 | 0.78.2+dfsg1-2 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | LOW | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |
GHSA
GHSA-gqgc-w8q7-2g6q: Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info
ghsa_unreviewed · 2022-05-01 · CVE-2007-6613 [MEDIUM] · CWE-119
OSV
CVE-2007-6613: Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info
osv · 2008-01-03 · CVSS 5.0 · CVE-2007-6613 [MEDIUM]
Ubuntu
libcdio vulnerability
vendor_ubuntu · 2008-02-20 · CVE-2007-6613
Devon Miller discovered that the iso-info and cd-info tools did not properly perform bounds checking. If a user were tricked into using these tools with a crafted iso image, an attacker could cause a denial of service (core dump) and possibly execute arbitrary code.
Instructions: In general, a standard system upgrade is sufficient to effect the necessary changes.
Red Hat
libcdio: long Joliet file name buffer overflow
vendor_redhat · 2007-12-30 · CVSS 5.0 · CVE-2007-6613 [MEDIUM]
Debian
CVE-2007-6613: libcdio - Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (s...
vendor_debian · 2007 · CVSS 5.0 · CVE-2007-6613 [MEDIUM]
Scope: local
bookworm: resolved (fixed in 0.78.2+dfsg1-2)
bullseye: resolved (fixed in 0.78.2+dfsg1-2)
forky: resolved (fixed in 0.78.2+dfsg1-2)
sid: resolved (fixed in 0.78.2+dfsg1-2)
trixie: resolved (fixed in 0.78.2+dfsg1-2)
No detection rules found.
References
http://bugs.gentoo.org/show_bug.cgi?id=203777
http://lists.gnu.org/archive/html/libcdio-devel/2007-12/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://secunia.com/advisories/28308
http://secunia.com/advisories/28569
http://secunia.com/advisories/28796
http://secunia.com/advisories/28970
http://secunia.com/advisories/29242
http://security.gentoo.org/glsa/glsa-200801-08.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:037
http://www.securityfocus.com/bid/27131
http://www.ubuntu.com/usn/usn-580-1
http://www.vupen.com/english/advisories/2008/0030
https://bugzilla.redhat.com/show_bug.cgi?id=427197
https://exchange.xforce.ibmcloud.com/vulnerabilities/39405