Unrated severityNVD Advisory· Published Jun 16, 2003· Updated Apr 16, 2026

CVE-2003-0289

Description

Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter.

Affected products

Cdrtools/Cdrecord2 versions
cpe:2.3:a:cdrtools:cdrecord:1.11:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:cdrtools:cdrecord:1.11:*:*:*:*:*:*:*
- cpe:2.3:a:cdrtools:cdrecord:2.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/7565nvdExploitPatchVendor Advisory
ftp.berlios.de/pub/cdrecord/alpha/cdrtools-2.01a14.tar.gznvd
forums.gentoo.org/viewtopic.phpnvd
marc.infonvd
marc.infonvd
www.mandriva.com/security/advisoriesnvd
www.securiteam.com/exploits/5ZP0C2AAAC.htmlnvd
exchange.xforce.ibmcloud.com/vulnerabilities/12007nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000