What is the severity of CVE-2015-8837?

CVE-2015-8837 is rated as a high severity vulnerability due to the potential for remote code execution through a stack-based buffer overflow.

How do I fix CVE-2015-8837?

To mitigate CVE-2015-8837, it is recommended to update FuseISO to the latest version or apply any available patches.

Which software is affected by CVE-2015-8837?

CVE-2015-8837 affects FuseISO versions up to and including 20070708 and specific versions of Debian and Fedora.

Can CVE-2015-8837 be exploited remotely?

Yes, CVE-2015-8837 can be exploited remotely if an attacker provides a specially crafted ISO file.

What type of vulnerability is CVE-2015-8837?

CVE-2015-8837 is a stack-based buffer overflow vulnerability that occurs during the handling of absolute path filename entries.

Vulnerability/
CVE-2015-8837

high

7.3

CWE

119

4/10/2012

30/3/2016

6/8/2024

CVE-2015-8837: Buffer Overflow

First published: Thu Oct 04 2012(Updated: )

A stack-based buffer overflow flaw was found in the way FuseISO, a FUSE module to mount ISO filesystem images, performed expanding of directories portions for absolute path filename entries. A remote attacker could provide a specially-crafted ISO file that, when mounted via fuseiso tool would lead to fuseiso binary crash or, potentially, arbitrary code execution with the privileges of the user running the fuseiso executable. Note: Since the fuseiso binary on Fedora is compiled with FORTIFY_SOURCE protection enabled, this flaw would allow an attacker to cause fuseiso binary to crash only. Acknowledgements: This issue was discovered by Florian Weimer of Red Hat Product Security Team.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
FuseISO	<=20070708
Debian	=7.0
Debian	=8.0
Fedora	=16
Fedora	=17

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=862211

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-8837?
CVE-2015-8837 is rated as a high severity vulnerability due to the potential for remote code execution through a stack-based buffer overflow.
How do I fix CVE-2015-8837?
To mitigate CVE-2015-8837, it is recommended to update FuseISO to the latest version or apply any available patches.
Which software is affected by CVE-2015-8837?
CVE-2015-8837 affects FuseISO versions up to and including 20070708 and specific versions of Debian and Fedora.
Can CVE-2015-8837 be exploited remotely?
Yes, CVE-2015-8837 can be exploited remotely if an attacker provides a specially crafted ISO file.
What type of vulnerability is CVE-2015-8837?
CVE-2015-8837 is a stack-based buffer overflow vulnerability that occurs during the handling of absolute path filename entries.

agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/remedy
agent/severity
agent/references
agent/author
agent/last-modified-date
agent/event
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2015-8837
agent/weakness
agent/trending
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/fuseiso project
canonical/fuseiso
version/fuseiso/20070708
vendor/debian
canonical/debian
version/debian/7.0
version/debian/8.0
vendor/fedoraproject
canonical/fedora
version/fedora/16
version/fedora/17

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.