{
  "threat_severity" : "Low",
  "public_date" : "2018-02-27T00:00:00Z",
  "bugzilla" : {
    "description" : "libcdio: NULL pointer dereference in realloc_symlink in rock.c",
    "id" : "1549701",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1549701"
  },
  "cvss3" : {
    "cvss3_base_score" : "2.8",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-119",
  "details" : [ "realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.", "A NULL pointer dereference flaw was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2018-10-30T00:00:00Z",
    "advisory" : "RHSA-2018:3246",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "libcdio-0:0.92-3.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Affected",
    "package_name" : "libcdio",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "libcdio",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-18199\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18199" ],
  "name" : "CVE-2017-18199",
  "csaw" : false
}