CVE-2024-36600 : Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to execute ar

Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file.

Published 2024-06-14 00:00:00

Updated 2024-07-03 02:03:25

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2024-36600

Please log in to view affected product information.

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 21 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.4	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	2.5	5.9	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-07-03
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

https://github.com/gashasbi/My-Reports/tree/main/CVE-2024-36600

My-Reports/CVE-2024-36600 at main · gashasbi/My-Reports · GitHub

Jump to