CVE-2024-36600

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-36600
Buffer Overflow Vulnerability in libcdio 2.2.0 (fixed in 2.3.0) allows an attacker to execute arbitrary code via a crafted ISO 9660 image file.

8.4 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2292833 Third Party Advisory
https://github.com/gashasbi/My-Reports/tree/main/CVE-2024-36600 Exploit Third Party Advisory
https://github.com/libcdio/libcdio/pull/32 Issue Tracking
https://github.com/libcdio/libcdio/pull/46 Issue Tracking
https://github.com/gashasbi/My-Reports/tree/main/CVE-2024-36600 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:libcdio:*:*:*:*:*:*:*:*
History

22 Jan 2026, 21:54

Type Values Removed Values Added
References () https://bugzilla.redhat.com/show_bug.cgi?id=2292833 - () https://bugzilla.redhat.com/show_bug.cgi?id=2292833 - Third Party Advisory
References () https://github.com/libcdio/libcdio/pull/32 - () https://github.com/libcdio/libcdio/pull/32 - Issue Tracking
References () https://github.com/libcdio/libcdio/pull/46 - () https://github.com/libcdio/libcdio/pull/46 - Issue Tracking
CPE cpe:2.3:a:gnu:libcdio:2.1.0:*:*:*:*:*:*:* cpe:2.3:a:gnu:libcdio:*:*:*:*:*:*:*:*

20 Jan 2026, 21:16

Type Values Removed Values Added
Summary (en) Buffer Overflow Vulnerability in libcdio in commit 4c840665 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file. (en) Buffer Overflow Vulnerability in libcdio 2.2.0 (fixed in 2.3.0) allows an attacker to execute arbitrary code via a crafted ISO 9660 image file.
References
  • () https://bugzilla.redhat.com/show_bug.cgi?id=2292833 -
  • () https://github.com/libcdio/libcdio/pull/32 -
  • () https://github.com/libcdio/libcdio/pull/46 -

07 Jan 2026, 18:15

Type Values Removed Values Added
Summary (en) Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file. (en) Buffer Overflow Vulnerability in libcdio in commit 4c840665 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file.

20 Jun 2025, 19:00

Type Values Removed Values Added
First Time Gnu libcdio
Gnu
CPE cpe:2.3:a:gnu:libcdio:2.1.0:*:*:*:*:*:*:*
References () https://github.com/gashasbi/My-Reports/tree/main/CVE-2024-36600 - () https://github.com/gashasbi/My-Reports/tree/main/CVE-2024-36600 - Exploit, Third Party Advisory

21 Nov 2024, 09:22

Type Values Removed Values Added
References () https://github.com/gashasbi/My-Reports/tree/main/CVE-2024-36600 - () https://github.com/gashasbi/My-Reports/tree/main/CVE-2024-36600 -

03 Jul 2024, 02:03

Type Values Removed Values Added
CWE CWE-121
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.4

17 Jun 2024, 12:42

Type Values Removed Values Added
Summary
  • (es) La vulnerabilidad de desbordamiento de búfer en libcdio v2.1.0 permite a un atacante ejecutar código arbitrario a través de un archivo de imagen ISO 9660 manipulado.

14 Jun 2024, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-14 19:15

Updated : 2026-01-22 21:54

NVD link : CVE-2024-36600

Mitre link : CVE-2024-36600

CVE.ORG link : CVE-2024-36600

JSON object : View

Products Affected

gnu

  • libcdio
CWE
CWE-121

Stack-based Buffer Overflow