CVE-2017-18199

CWE-476NULL Pointer DereferenceCWE-119Buffer Overflow10 documents8 sources
Severity
6.5MEDIUM
EPSS
2.4%
top 14.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Libcdio
Timeline
PublishedFeb 24
Latest updateAug 10

Description

realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

NVDgnu/libcdio< 1.0.0
Debianlibcdio< 1.0.0-1+3
Ubuntulibcdio< 0.83-4.1ubuntu1+esm1+1

🔴Vulnerability Details

4
OSV
libcdio vulnerabilities2022-08-10
GHSA
GHSA-g22c-3rrr-vfp7: realloc_symlink in rock2022-05-14
CVEList
CVE-2017-18199: realloc_symlink in rock2018-02-24
OSV
CVE-2017-18199: realloc_symlink in rock2018-02-24

📋Vendor Advisories

3
Ubuntu
libcdio vulnerabilities2022-08-10
Red Hat
libcdio: NULL pointer dereference in realloc_symlink in rock.c2018-02-27
Debian
CVE-2017-18199: libcdio - realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to...2017

💬Community

2
Bugzilla
CVE-2017-18199 libcdio: NULL pointer dereference in realloc_symlink in rock.c2018-02-27
Bugzilla
CVE-2017-18198 CVE-2017-18199 CVE-2017-18201 libcdio: various flaws [fedora-all]2018-02-27
CVE-2017-18199 (MEDIUM CVSS 6.5) | realloc_symlink in rock.c in GNU li | cvebase.io