{"id":"MGASA-2018-0209","summary":"Updated libcdio packages fix security vulnerabilities","details":"A heap corruption bug was found in the way libcdio handled processing of\nISO files. An attacker could potentially use this flaw to crash\napplications using libcdio by tricking them into processing crafted ISO\nfiles, thus resulting in local DoS (CVE-2017-18198).\n\nA NULL pointer dereference flaw was found in the way libcdio handled\nprocessing of ISO files. An attacker could potentially use this flaw to\ncrash applications using libcdio by tricking them into processing\ncrafted ISO files (CVE-2017-18199).\n\nA double-free flaw was found in the way libcdio handled processing of\nISO files. An attacker could potentially use this flaw to crash\napplications using libcdio by tricking them into processing crafted ISO\nfiles (CVE-2017-18201).\n","modified":"2026-04-16T06:25:47.259513518Z","published":"2018-04-22T19:59:03Z","upstream":["CVE-2017-18198","CVE-2017-18199","CVE-2017-18201"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0209.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22740"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/NHBEK7JWO4GCS73UAOQOUFGTMIIMYYTR/"}],"affected":[{"package":{"name":"libcdio","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/libcdio?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.94-1.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0209.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}