Ubuntu Security Notice 580-1 - Devon Miller discovered that the iso-info and cd-info tools did not properly perform bounds checking. If a user were tricked into using these tools with a crafted ISO image, an attacker could cause a denial of service via a core dump, and possibly execute arbitrary code.
9e4b0a9dc13824192aa65c5fa9427e583bb4a29fe5b549c6b485588ed33ff8eb
Mandriva Linux Security Advisory - A stack-based buffer overflow was discovered in libcdio that allowed context-dependent attackers to cause a denial of service (core dump) and possibly execute arbitrary code via a disk or image file that contains a long Joliet file name. In addition, failed UTF-8 conversions that would cause a segfault on certain ISOs were also fixed.
fe300ce6a848ba735287c86ae67cf808b28b2815e1bcb3b14c563d7ecc112b29
Gentoo Linux Security Advisory GLSA 200801-08 - Devon Miller reported a boundary error in the print_iso9660_recurse() function in the files cd-info.c and iso-info.c when processing long filenames within Joliet images. Versions earlier than 0.78.2-r4 are affected.
7081bab2d056e39e1da14f5057dc035cbe687acef4ae6402c3081e37b18d02a7