CVE-2017-18199

Published: 24 February 2018

realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.

Notes

Author: ccdm94

Note: There is no explicit information mentioning what the patch for this CVE is, but it looks like it might have been fixed together with other issues in commit b9ab2a9d36a, according to the comment in the NEWS file. This is the commit that patches CVE-2017-18198. No other changes made to the code seem to be related to this vulnerability other than e73a8bb23a4, which looks like an initial version of something improved by commit b9ab2a9d36a. Commit e73a8bb23a4 fixes issue 52091, which is very similar to the issue that is CVE-2017-18198. CVE-2017-18199 involves code that is closely related to the code that is affected by CVE-2017-18198, and further research indicates that the POC for this latter CVE no longer causes a crash when commit e73a8bb23a4 is applied, so it is adequate to assume that it fixes CVE-2017-18199 and that commit b9ab2a9d36a, the improved version of e73a8bb23a4, does so as well.

Priority

Low

CVSS 3 base score: 6.5

Status

Package: libcdio (Launchpad, Ubuntu, Debian)

Release    Status
artful     Ignored (reached end-of-life)
bionic     Not vulnerable (1.0.0-2)
cosmic     Not vulnerable (1.0.0-2)
disco      Not vulnerable (1.0.0-2)
eoan       Not vulnerable (1.0.0-2)
focal      Not vulnerable (1.0.0-2)
groovy     Not vulnerable (1.0.0-2)
hirsute    Not vulnerable (1.0.0-2)
impish     Not vulnerable (1.0.0-2)
jammy      Not vulnerable (1.0.0-2)
precise    Does not exist
trusty     Released (0.83-4.1ubuntu1+esm1)
upstream   Released (1.0.0, 1.0.0-1)
xenial     Released (0.83-4.2ubuntu1+esm1)

Patches:
upstream: https://git.savannah.gnu.org/cgit/libcdio.git/commit/?id=e73a8bb23a4405b32cc7708771833f6c4e6b2426
upstream: https://git.savannah.gnu.org/cgit/libcdio.git/commit/?id=b9ab2a9d36a216ba1b3a6b4ee465c3ee2b806ec6