Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Libarchive
(Libarchive)| Repositories | https://github.com/libarchive/libarchive |
| #Vulnerabilities | 59 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-02-20 | CVE-2020-9308 | archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact. | Ubuntu_linux, Fedora, Libarchive | 8.8 | ||
| 2022-03-28 | CVE-2022-26280 | Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. | Fedora, Libarchive | 6.5 | ||
| 2016-09-20 | CVE-2015-8918 | The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy." | Libarchive, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit | 7.5 | ||
| 2016-09-20 | CVE-2015-8919 | The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file. | Ubuntu_linux, Libarchive, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit | 7.5 | ||
| 2016-09-20 | CVE-2015-8920 | The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file. | Ubuntu_linux, Libarchive, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit | 5.5 | ||
| 2016-09-20 | CVE-2015-8921 | The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. | Ubuntu_linux, Libarchive, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit | 7.5 | ||
| 2016-09-20 | CVE-2015-8922 | The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct. | Ubuntu_linux, Libarchive, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Linux | 5.5 | ||
| 2016-09-20 | CVE-2015-8923 | The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file. | Ubuntu_linux, Libarchive, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit | 6.5 | ||
| 2016-09-20 | CVE-2015-8924 | The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file. | Ubuntu_linux, Libarchive, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit | 5.5 | ||
| 2023-05-29 | CVE-2023-30571 | Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories. | Libarchive | 5.3 |