Package "libcdio19"
Name: |
libcdio19
|
Description: |
library to read and control CD-ROM
|
Latest version: |
2.1.0-3ubuntu0.2 |
Release: |
jammy (22.04) |
Level: |
security |
Repository: |
main |
Head package: |
libcdio |
Homepage: |
https://www.gnu.org/software/libcdio/ |
Links
Download "libcdio19"
Other versions of "libcdio19" in Jammy
Changelog
libcdio (2.1.0-3ubuntu0.2) jammy-security; urgency=medium
* SECURITY UPDATE: buffer overflow
- debian/patches/CVE-2024-36600-1.patch: Allocates space for
growth and additional buffer in lib/iso9660/rock.c
- debian/patches/CVE-2024-36600-2.patch: Limits the maximum read
count to prevent an overflow in lib/driver/_cdio_stdio.c
- debian/patches/CVE-2024-36600-3.patch: Adds input validation to
unicode16_decode function in lib/udf/udf_fs.c
- debian/patches/CVE-2024-36600-4.patch: Adds bounds checking for
directory buffer size and total size calculation in
lib/iso9660/iso9660_fs.c
- debian/patches/CVE-2024-36600-5.patch: Fixes overflow in iso9660
dir read (32-bit) in lib/iso9660/iso9660_fs.c
- debian/patches/CVE-2024-36600-6.patch: Checks the validity of
i_extended_attr member in udf_get_lba() in lib/udf/udf_fs.c
- debian/patches/CVE-2024-36600-7.patch: Adds 32-bit size test
only when needed in lib/iso9660/iso9660_fs.c
- CVE-2024-36600
-- Bruce Cable <email address hidden> Mon, 24 Jun 2024 16:01:03 +1000
|
CVE-2024-36600 |
Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file. |
|
About
-
Send Feedback to @ubuntu_updates