Your submission was sent successfully! Close

USN-5558-1: libcdio vulnerabilities

10 August 2022

Several security issues were fixed in libcdio.

Releases

Packages

  • libcdio - library to read and control digital audio CDs (development files)

Details

Zhao Liang discovered that libcdio was not properly performing memory
management operations when processing ISO files, which could result
in a heap buffer overflow or in a NULL pointer dereference. If a user
or automated system were tricked into opening a specially crafted file,
an attacker could possibly use this issue to cause a denial of service.
(CVE-2017-18198, CVE-2017-18199)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04
Ubuntu 14.04

In general, a standard system update will make all the necessary changes.