Key information

Bug ID: 2292833
CVE ID: CVE-2024-36600
Summary: crafted iso image file leads to arbitrary code execution
Product: Security Response
Component: vulnerability
OS: Linux
Priority: medium
Severity: medium
Reported by: Patrick Del Bello on 2024-06-18
Modified: 2026-01-16

Description

Vulnerability: Buffer Overflow Vulnerability
Affected Version: libcdio v2.1.0
Impact: Allows an attacker to execute arbitrary code via a crafted ISO 9660 image file
Reference: GitHub repository

Additional Notes

The problem was introduced in version 2.2.0 and is fixed in version 2.3.0. The pull request that contains the fix is available here. Avoid using version 2.2.0; use either 2.3.0 or 2.1.0.