Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Libarchive
(Libarchive)| Repositories | https://github.com/libarchive/libarchive |
| #Vulnerabilities | 59 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-09-21 | CVE-2016-4300 | Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow. | Libarchive, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_hpc_node_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation | 7.8 | ||
| 2016-05-07 | CVE-2016-1541 | Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive. | Libarchive | 8.8 | ||
| 2017-04-30 | CVE-2016-10350 | The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | Libarchive | 5.5 | ||
| 2017-04-30 | CVE-2016-10349 | The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | Libarchive | 5.5 | ||
| 2017-04-03 | CVE-2016-10209 | The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. | Libarchive | 5.5 | ||
| 2016-09-20 | CVE-2015-8934 | The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file. | Ubuntu_linux, Libarchive, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | 5.5 | ||
| 2016-09-20 | CVE-2015-8933 | Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file. | Ubuntu_linux, Libarchive, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | 5.5 | ||
| 2016-09-20 | CVE-2015-8932 | The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift. | Ubuntu_linux, Debian_linux, Libarchive, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | 5.5 | ||
| 2016-09-20 | CVE-2015-8931 | Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior. | Ubuntu_linux, Debian_linux, Libarchive, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | 7.8 | ||
| 2016-09-20 | CVE-2015-8930 | bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself. | Ubuntu_linux, Libarchive, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | 7.5 |