Package "libudf0t64"
Name: |
libudf0t64
|
Description: |
library to work with UDF filesystems
|
Latest version: |
2.1.0-4.1ubuntu1.2 |
Release: |
noble (24.04) |
Level: |
updates |
Repository: |
main |
Head package: |
libcdio |
Homepage: |
https://www.gnu.org/software/libcdio/ |
Links
Download "libudf0t64"
Other versions of "libudf0t64" in Noble
Changelog
libcdio (2.1.0-4.1ubuntu1.2) noble-security; urgency=medium
* SECURITY UPDATE: buffer overflow
- debian/patches/CVE-2024-36600-1.patch: Allocates space for
growth and additional buffer in lib/iso9660/rock.c
- debian/patches/CVE-2024-36600-2.patch: Limits the maximum read
count to prevent an overflow in lib/driver/_cdio_stdio.c
- debian/patches/CVE-2024-36600-3.patch: Adds input validation to
unicode16_decode function in lib/udf/udf_fs.c
- debian/patches/CVE-2024-36600-4.patch: Adds bounds checking for
directory buffer size and total size calculation in
lib/iso9660/iso9660_fs.c
- debian/patches/CVE-2024-36600-5.patch: Fixes overflow in iso9660
dir read (32-bit) in lib/iso9660/iso9660_fs.c
- debian/patches/CVE-2024-36600-6.patch: Checks the validity of
i_extended_attr member in udf_get_lba() in lib/udf/udf_fs.c
- debian/patches/CVE-2024-36600-7.patch: Adds 32-bit size test
only when needed in lib/iso9660/iso9660_fs.c
- CVE-2024-36600
-- Bruce Cable <email address hidden> Mon, 24 Jun 2024 12:34:25 +1000
|
CVE-2024-36600 |
Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file. |
|
About
-
Send Feedback to @ubuntu_updates