{
  "threat_severity" : "Low",
  "public_date" : "2018-02-27T00:00:00Z",
  "bugzilla" : {
    "description" : "libcdio: Double free in get_cdtext_generic() in lib/driver/_cdio_generic.c",
    "id" : "1549707",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1549707"
  },
  "cvss3" : {
    "cvss3_base_score" : "2.8",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-119",
  "details" : [ "An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c.", "A double-free flaw was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2018-10-30T00:00:00Z",
    "advisory" : "RHSA-2018:3246",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "libcdio-0:0.92-3.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "libcdio",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "libcdio",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-18201\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18201\nhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887640" ],
  "name" : "CVE-2017-18201",
  "csaw" : false
}