CVE-2017-18198
Public on 2018-02-24
Modified on 2019-01-25
Description
A heap corruption bug was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files, thus resulting in local DoS.
Severity
Low
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | libcdio | 2019-01-23 | ALAS2-2019-1151 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 3.9 | CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L |
| NVD | CVSSv2 | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| NVD | CVSSv3 | 8.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |