VDB
GCVE-110-MAGEIA-2015-406
GCVE-110-MAGEIA-2015-406
Advisory Published
An integer overflow, leading to a heap-based buffer overflow flaw was
found in the way FuseISO, a FUSE module to mount ISO filesystem images,
performed reading of certain ZF blocks of particular inodes. A remote
attacker could provide a specially-crafted ISO file that, when mounted via
the fuseiso tool would lead to fuseiso binary crash.
A stack-based buffer overflow flaw was found in the way FuseISO, a FUSE
module to mount ISO filesystem images, performed expanding of directory
portions for absolute path filename entries. A remote attacker could
provide a specially-crafted ISO file that, when mounted via fuseiso tool
would lead to fuseiso binary crash or, potentially, arbitrary code
execution with the privileges of the user running the fuseiso executable.
This issue was discovered by Florian Weimer of Red Hat Product Security
Team. The issue got resolved by checking the resulting length of an
absolute path name and by bailing out if the platform's PATH_MAX value
gets exceeded.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | fuseiso | 0 (affected), 20070708-11.1.mga5 (unaffected) | — |
Browse GCVE Records
73,738 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.