CVE-2015-8836

Publication date 30 March 2016

Last updated 24 July 2024

Ubuntu priority

Cvss 3 Severity Score

Integer overflow in the isofs_real_read_zf function in isofs.c in FuseISO 20070708 might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ZF block size in an ISO file, leading to a heap-based buffer overflow.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
fuseiso	16.04 LTS xenial	Not affected
	15.10 wily	Ignored end of life
	14.04 LTS trusty	Fixed 20070708-3+deb7u1ubuntu14.04.1
	12.04 LTS precise	Fixed 20070708-2+deb6u1build0.12.04.1

How can I get the fixes?
What do statuses mean?

Severity score breakdown

Parameter	Value
Base score	7.3 · High
Attack vector	Local
Attack complexity	Low
Privileges required	Low
User interaction	Required
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

References

MITRE
NVD
Launchpad
Debian

Other references

https://bugzilla.redhat.com/show_bug.cgi?id=863102
http://www.openwall.com/lists/oss-security/2015/02/06/7
https://bugzilla.redhat.com/show_bug.cgi?id=861358
http://www.openwall.com/lists/oss-security/2015/02/23/9
https://www.cve.org/CVERecord?id=CVE-2015-8836