libcdio-0.92-3.el7

Errata ID: AXSA:2018-3427:01

Release date: 
Friday, November 9, 2018 - 08:25
Subject: 
libcdio-0.92-3.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Low
Description: 

The libcdio library provides an interface for CD-ROM access. It can be used by applications that need OS-independent and device-independent access to CD-ROM devices.

Security Fix(es):

* libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c (CVE-2017-18198)

* libcdio: NULL pointer dereference in realloc_symlink in rock.c (CVE-2017-18199)

* libcdio: Double free in get_cdtext_generic() in lib/driver/_cdio_generic.c (CVE-2017-18201)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.6 Release Notes linked from the References section.

CVE-2017-18198
print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows
remote attackers to cause a denial of service (heap-based buffer
over-read) or possibly have unspecified other impact via a crafted iso
file.
CVE-2017-18199
realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote
attackers to cause a denial of service (NULL Pointer Dereference) via a
crafted iso file.
CVE-2017-18201
An issue was discovered in GNU libcdio before 2.0.0. There is a double
free in get_cdtext_generic() in lib/driver/_cdio_generic.c.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. libcdio-0.92-3.el7.src.rpm
    MD5: fda7376b4fa27833245bbc7cc3ae5464
    SHA-256: 1d22923f41571f818045bc9e5fd56f6749218d2be197b1d0f0968abe72973a64
    Size: 2.58 MB

Asianux Server 7 for x86_64
  1. libcdio-0.92-3.el7.x86_64.rpm
    MD5: 3fc04b09242be010284cea75f6bfd588
    SHA-256: 955b2d6007489942a1c4812b5e132d0fe3a30384ad81cab720d8e9f79d93559c
    Size: 235.04 kB
  2. libcdio-0.92-3.el7.i686.rpm
    MD5: 3fa057dc8a237952d3fae6e0715d3cba
    SHA-256: 615050f7a947f665cba9ef953601027aeb44cdb22b3822d25d1fd87c2f6d85b1
    Size: 235.36 kB