Package "libcdio"
Name: |
libcdio
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- sample applications based on the CDIO libraries
- library to work with ISO9660 filesystems
- library to work with ISO9660 filesystems (development files)
|
Latest version: |
2.0.0-2ubuntu0.2 |
Release: |
focal (20.04) |
Level: |
updates |
Repository: |
universe |
Links
Other versions of "libcdio" in Focal
Packages in group
Deleted packages are displayed in grey.
Changelog
libcdio (2.0.0-2ubuntu0.2) focal-security; urgency=medium
* SECURITY UPDATE: buffer overflow
- debian/patches/CVE-2024-36600-1.patch: Allocates space for
growth and additional buffer in lib/iso9660/rock.c
- debian/patches/CVE-2024-36600-2.patch: Limits the maximum read
count to prevent an overflow in lib/driver/_cdio_stdio.c
- debian/patches/CVE-2024-36600-3.patch: Adds input validation to
unicode16_decode function in lib/udf/udf_fs.c
- debian/patches/CVE-2024-36600-4.patch: Adds bounds checking for
directory buffer size and total size calculation in
lib/iso9660/iso9660_fs.c
- debian/patches/CVE-2024-36600-5.patch: Fixes overflow in iso9660
dir read (32-bit) in lib/iso9660/iso9660_fs.c
- debian/patches/CVE-2024-36600-6.patch: Checks the validity of
i_extended_attr member in udf_get_lba() in lib/udf/udf_fs.c
- debian/patches/CVE-2024-36600-7.patch: Adds 32-bit size test
only when needed in lib/iso9660/iso9660_fs.c
- CVE-2024-36600
-- Bruce Cable <email address hidden> Mon, 24 Jun 2024 16:01:37 +1000
|
CVE-2024-36600 |
Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file. |
|
About
-
Send Feedback to @ubuntu_updates