[libcdio] [CVE-2007-6613] stack-based buffer overflow

Bug #191216 reported by disabled.user
Affects             Status         Importance   Assigned to         Milestone
libcdio (Ubuntu)    Fix Released   Low          Emanuele Gentili
  Dapper            Fix Released   Low          Emanuele Gentili
  Edgy              Fix Released   Low          Emanuele Gentili
  Feisty            Fix Released   Low          Emanuele Gentili
  Gutsy             Fix Released   Low          Emanuele Gentili
  Hardy             Fix Released   Low          Emanuele Gentili

Bug Description

References:
MDVSA-2008:037 (http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:037)

Quoting:
"A stack-based buffer overflow was discovered in libcdio that allowed
context-dependent attackers to cause a denial of service (core dump)
and possibly execute arbitrary code via a disk or image file that
contains a long Joliet file name.

In addition, a fix for failed UTF-8 conversions that would cause a
segfault on certain ISOs was also fixed."
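
As an added illustration, not libcdio's code and not the patch attached to this bug: the defect class the advisory describes, a Joliet (UCS-2BE) name from the image expanded into a fixed-size stack buffer, shown with a bounded translation that refuses over-long names instead of overrunning the buffer. NAME_BUF, the function names and the sample names are assumptions chosen for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>

/* Added example, not libcdio's code. It models the defect class behind
 * CVE-2007-6613: a Joliet (UCS-2BE) file name read from the image is
 * expanded into a fixed-size stack buffer with no check that it fits.
 * NAME_BUF is an assumed, deliberately small size so the failure shows. */
#define NAME_BUF 32

/* Hardened translation: UCS-2BE -> UTF-8 into out[out_len], checking the
 * room left before every write. Returns bytes written (NUL excluded), or
 * -1 when the name does not fit; the vulnerable path had no such branch. */
int joliet_to_utf8(const uint8_t *ucs2be, size_t len_bytes,
                   char *out, size_t out_len) {
    size_t o = 0;
    for (size_t i = 0; i + 1 < len_bytes; i += 2) {
        uint16_t cp = (uint16_t)((ucs2be[i] << 8) | ucs2be[i + 1]);
        size_t need = cp < 0x80 ? 1 : cp < 0x800 ? 2 : 3;
        if (o + need >= out_len)          /* keep one byte for the NUL */
            return -1;
        if (need == 1) {
            out[o++] = (char)cp;
        } else if (need == 2) {
            out[o++] = (char)(0xC0 | (cp >> 6));
            out[o++] = (char)(0x80 | (cp & 0x3F));
        } else {                          /* 0x800..0xFFFF, surrogates included */
            out[o++] = (char)(0xE0 | (cp >> 12));
            out[o++] = (char)(0x80 | ((cp >> 6) & 0x3F));
            out[o++] = (char)(0x80 | (cp & 0x3F));
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Constructed inputs in UCS-2BE: "README.TXT", "éx", and 40 'A' characters. */
const uint8_t SHORT_NAME[] = {0,'R',0,'E',0,'A',0,'D',0,'M',0,'E',0,'.',0,'T',0,'X',0,'T'};
const uint8_t ACCENT[] = {0x00, 0xE9, 0x00, 'x'};
#define A4 0,'A',0,'A',0,'A',0,'A'
const uint8_t LONG_NAME[] = {A4, A4, A4, A4, A4, A4, A4, A4, A4, A4};

/* The directory-walk call site: a fixed stack buffer as in the vulnerable
 * tool, but the over-long name is now rejected instead of overrunning it. */
int translate_into_stack_buf(const uint8_t *name, size_t len) {
    char buf[NAME_BUF];
    return joliet_to_utf8(name, len, buf, sizeof buf);
}
```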

Emanuele Gentili (emgent) wrote :

Hardy patched by Debian people.

Changed in libcdio:
assignee: nobody → emgent
importance: Undecided → High
status: New → In Progress
Emanuele Gentili (emgent) wrote :

Gutsy is vulnerable, debdiff attached.

+libcdio (0.76-1ubuntu2.1) gutsy-security; urgency=low
+
+ * SECURITY UPDATE:
+ - CVE-2007-6613: a stack-based buffer overflow in the
+ print_iso9660_recurse function could lead to cause a denial of service
+ or arbitrary code execution if the iso-info tool is used with a crafted
+ iso image (LP: #191216)
+
+ * References
+ - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=459129
+
+ -- Emanuele Gentili <email address hidden> Tue, 19 Feb 2008 21:02:43 +0100
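
Review bot: the changelog header uses version 0.76-1ubuntu2.1 for gutsy-security, the same version the Feisty debdiff in this bug proposes for feisty-security; two different builds carrying one version string cannot be told apart by apt or by the archive, so the version should encode the release, which is what the accepted upload did with 0.76-1ubuntu2.7.10.1. Minor: "could lead to cause a denial of service" should read "could cause a denial of service".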

Emanuele Gentili (emgent) wrote :

Dapper is vulnerable, debdiff attached.

+libcdio (0.76-1ubuntu1.1) dapper-security; urgency=low
+
+ * SECURITY UPDATE:
+ - CVE-2007-6613: a stack-based buffer overflow in the
+ print_iso9660_recurse function could lead to cause a denial of service
+ or arbitrary code execution if the iso-info tool is used with a crafted
+ iso image (LP: #191216)
+
+ * References
+ - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=459129
+
+ -- Emanuele Gentili <email address hidden> Tue, 19 Feb 2008 21:24:22 +0100
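
Review bot: version 0.76-1ubuntu1.1 here is identical to the one in the Edgy debdiff on this bug, so a Dapper-to-Edgy upgrade would see no newer version and keep the Dapper binary; use a release-specific version that sorts below Edgy's so the security updates stay ordered across releases.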

Changed in libcdio:
assignee: nobody → emgent
status: New → In Progress
status: In Progress → Fix Released
assignee: nobody → emgent
status: New → In Progress
Emanuele Gentili (emgent) wrote :

Feisty is vulnerable, debdiff attached.

+libcdio (0.76-1ubuntu2.1) feisty-security; urgency=low
+
+ * SECURITY UPDATE:
+ - CVE-2007-6613: a stack-based buffer overflow in the
+ print_iso9660_recurse function could lead to cause a denial of service
+ or arbitrary code execution if the iso-info tool is used with a crafted
+ iso image (LP: #191216)
+
+ * References
+ - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=459129
+
+ -- Emanuele Gentili <email address hidden> Tue, 19 Feb 2008 21:46:05 +0100
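
Review bot: same version-string problem as the Gutsy debdiff: 0.76-1ubuntu2.1 is used for both feisty-security and gutsy-security. The versions finally published, 0.76-1ubuntu2.7.04.1 and 0.76-1ubuntu2.7.10.1, resolve this and keep Feisty sorting below Gutsy.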

Changed in libcdio:
assignee: nobody → emgent
status: New → In Progress
Emanuele Gentili (emgent) wrote :

Edgy is vulnerable, debdiff attached.

+libcdio (0.76-1ubuntu1.1) edgy-security; urgency=low
+
+ * SECURITY UPDATE:
+ - CVE-2007-6613: a stack-based buffer overflow in the
+ print_iso9660_recurse function could lead to cause a denial of service
+ or arbitrary code execution if the iso-info tool is used with a crafted
+ iso image (LP: #191216)
+
+ * References
+ - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=459129
+
+ -- Emanuele Gentili <email address hidden> Tue, 19 Feb 2008 22:05:52 +0100
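
Review bot: 0.76-1ubuntu1.1 duplicates the Dapper debdiff's version; pick a version that sorts above Dapper's and below Feisty's 0.76-1ubuntu2.x so the security uploads form a monotonic chain across releases.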

Changed in libcdio:
assignee: nobody → emgent
status: New → In Progress
Changed in libcdio:
importance: Undecided → Low
importance: High → Low
importance: Undecided → Low
importance: Undecided → Low
importance: Undecided → Low
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libcdio - 0.76-1ubuntu2.7.10.1

---------------
libcdio (0.76-1ubuntu2.7.10.1) gutsy-security; urgency=low

  * SECURITY UPDATE:
    - CVE-2007-6613: a stack-based buffer overflow in the
      print_iso9660_recurse function could lead to cause a denial of service
      or arbitrary code execution if the iso-info tool is used with a crafted
      iso image (LP: #191216)

  * References
    - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=459129

 -- Emanuele Gentili <email address hidden> Tue, 19 Feb 2008 21:02:43 +0100

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libcdio - 0.76-1ubuntu2.7.04.1

---------------
libcdio (0.76-1ubuntu2.7.04.1) feisty-security; urgency=low

  * SECURITY UPDATE:
    - CVE-2007-6613: a stack-based buffer overflow in the
      print_iso9660_recurse function could lead to cause a denial of service
      or arbitrary code execution if the iso-info tool is used with a crafted
      iso image (LP: #191216)

  * References
    - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=459129

 -- Emanuele Gentili <email address hidden> Tue, 19 Feb 2008 21:46:05 +0100

Changed in libcdio:
status: In Progress → Fix Released
status: In Progress → Fix Released
Changed in libcdio:
status: In Progress → Fix Released
status: In Progress → Fix Released