{
  "threat_severity" : "Low",
  "public_date" : "2018-02-27T00:00:00Z",
  "bugzilla" : {
    "description" : "libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c",
    "id" : "1549644",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1549644"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.9",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-125",
  "details" : [ "print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.", "A heap corruption bug was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files, thus resulting in local DoS." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2018-10-30T00:00:00Z",
    "advisory" : "RHSA-2018:3246",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "libcdio-0:0.92-3.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Affected",
    "package_name" : "libcdio",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "libcdio",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-18198\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18198" ],
  "name" : "CVE-2017-18198",
  "csaw" : false
}