CVE-2007-6613

Name: CVE-2007-6613
Description: Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info.c) in GNU Compact Disc Input and Control Library (libcdio) 0.79 and earlier allows context-dependent attackers to cause a denial of service (core dump) and possibly execute arbitrary code via a disk or image that contains a long Joliet file name.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 459129

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package    Release       Version     Status
libcdio (PTS)     jessie        0.83-4.2    fixed
                  stretch       0.83-4.3    fixed
                  buster        2.0.0-2     fixed
                  bullseye      2.1.0-2     fixed
                  bookworm      2.1.0-4     fixed
                  sid, trixie   2.1.0-4.2   fixed

The information below is based on the following data on fixed versions.

Package   Type     Release      Fixed Version     Urgency   Origin   Debian Bugs
libcdio   source   sarge        (not affected)
libcdio   source   etch         (not affected)
libcdio   source   (unstable)   0.78.2+dfsg1-2    low                459129

Notes

[sarge] - libcdio <not-affected> (packages prior to 0.78.2 did not build the tools into the binary package)
[etch] - libcdio <not-affected> (packages prior to 0.78.2 did not build the tools into the binary package)
Applications that link against libcdio are not vulnerable; the problem lies only in the iso-info tool shipped with the package.
