CVE-2015-8836

HIGH

Fedora < 20070708 - Memory Corruption

Title source: rule
STIX 2.1

Description

Integer overflow in the isofs_real_read_zf function in isofs.c in FuseISO 20070708 might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ZF block size in an ISO file, leading to a heap-based buffer overflow.

References (5)

Core 5
Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/02/23/9
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/02/06/7
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=863102
Exploit, Issue Tracking, Patch, Technical Description x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=861358
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3551

Scores

CVSS v3 7.3
EPSS 0.0177
EPSS Percentile 75.4%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (3)
fedoraproject/fedora 16
fedoraproject/fedora 17
fuseiso_project/fuseiso < 20070708
Published Mar 30, 2016
Tracked Since Feb 18, 2026