USN-5558-1: libcdio vulnerabilities
10 August 2022
Several security issues were fixed in libcdio.
- libcdio - library to read and control digital audio CDs (development files)
Zhao Liang discovered that libcdio was not properly performing memory
management operations when processing ISO files, which could result
in a heap buffer overflow or in a NULL pointer dereference. If a user
or automated system were tricked into opening a specially crafted file,
an attacker could possibly use this issue to cause a denial of service.
The problem can be corrected by updating your system to the following package versions:
- libcdio-paranoia1 - 0.83-4.2ubuntu1+esm1
- libcdio-cdda1 - 0.83-4.2ubuntu1+esm1
- libcdio-utils - 0.83-4.2ubuntu1+esm1
- libcdio13 - 0.83-4.2ubuntu1+esm1
- libiso9660-8 - 0.83-4.2ubuntu1+esm1
- libudf0 - 0.83-4.2ubuntu1+esm1
- libcdio-paranoia1 - 0.83-4.1ubuntu1+esm1
- libcdio-cdda1 - 0.83-4.1ubuntu1+esm1
- libcdio-utils - 0.83-4.1ubuntu1+esm1
- libcdio13 - 0.83-4.1ubuntu1+esm1
- libiso9660-8 - 0.83-4.1ubuntu1+esm1
- libudf0 - 0.83-4.1ubuntu1+esm1
In general, a standard system update will make all the necessary changes.