CVE-2017-18201
CRITICAL
GNU libcdio < 2.0.0 - Double Free in get_cdtext_generic()
Title source: llm
Description
An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c.
References (3)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103190
Patch, Third Party Advisory x_refsource_confirm
https://git.savannah.gnu.org/cgit/libcdio.git/commit/?id=f6f9c48fb40b8a1e8218799724b0b61a7161eb1d
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3246
Scores
CVSS v3
9.8
EPSS
0.0045
EPSS Percentile
63.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-415
Status
published
Products (1)
gnu/libcdio
< 2.0.0
Published
Feb 26, 2018
Tracked Since
Feb 18, 2026