Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Libarchive Subscribe
Total 58 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-1000878 6 Canonical, Debian, Fedoraproject and 3 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2019-11-05 6.8 MEDIUM 8.8 HIGH
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive.
CVE-2019-18408 4 Canonical, Debian, Libarchive and 1 more 4 Ubuntu Linux, Debian Linux, Libarchive and 1 more 2019-11-01 5.0 MEDIUM 7.5 HIGH
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.
CVE-2017-14502 1 Libarchive 1 Libarchive 2019-10-02 5.0 MEDIUM 7.5 HIGH
read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.
CVE-2017-14166 3 Canonical, Debian, Libarchive 3 Ubuntu Linux, Debian Linux, Libarchive 2019-08-15 4.3 MEDIUM 6.5 MEDIUM
libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.
CVE-2016-10209 1 Libarchive 1 Libarchive 2018-12-28 4.3 MEDIUM 5.5 MEDIUM
The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.
CVE-2016-10349 1 Libarchive 1 Libarchive 2018-12-28 4.3 MEDIUM 5.5 MEDIUM
The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2016-10350 1 Libarchive 1 Libarchive 2018-12-28 4.3 MEDIUM 5.5 MEDIUM
The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2017-14501 1 Libarchive 1 Libarchive 2018-12-28 4.3 MEDIUM 6.5 MEDIUM
An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.
CVE-2017-14503 1 Libarchive 1 Libarchive 2018-12-28 4.3 MEDIUM 6.5 MEDIUM
libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.
CVE-2016-8689 2 Libarchive, Opensuse 2 Libarchive, Leap 2018-11-30 5.0 MEDIUM 7.5 HIGH
The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.
CVE-2015-8915 1 Libarchive 1 Libarchive 2018-11-30 4.3 MEDIUM 5.5 MEDIUM
bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file.
CVE-2016-8688 2 Libarchive, Opensuse 2 Libarchive, Leap 2018-11-30 4.3 MEDIUM 5.5 MEDIUM
The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.
CVE-2016-8687 2 Libarchive, Opensuse 2 Libarchive, Leap 2018-11-30 5.0 MEDIUM 7.5 HIGH
Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.
CVE-2017-5601 1 Libarchive 1 Libarchive 2018-11-30 5.0 MEDIUM 7.5 HIGH
An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive.
CVE-2015-2304 3 Canonical, Libarchive, Opensuse 3 Ubuntu Linux, Libarchive, Opensuse 2018-10-30 6.4 MEDIUM N/A
Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.
CVE-2013-0211 5 Canonical, Fedoraproject, Freebsd and 2 more 5 Ubuntu Linux, Fedora, Freebsd and 2 more 2018-10-30 5.0 MEDIUM N/A
Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.
CVE-2015-8930 3 Canonical, Libarchive, Suse 5 Ubuntu Linux, Libarchive, Linux Enterprise Desktop and 2 more 2018-01-04 5.0 MEDIUM 7.5 HIGH
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.
CVE-2015-8928 3 Canonical, Libarchive, Suse 5 Ubuntu Linux, Libarchive, Linux Enterprise Desktop and 2 more 2018-01-04 4.3 MEDIUM 5.5 MEDIUM
The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
CVE-2015-8916 3 Canonical, Debian, Libarchive 3 Ubuntu Linux, Debian Linux, Libarchive 2018-01-04 4.3 MEDIUM 6.5 MEDIUM
bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file.
CVE-2015-8925 3 Canonical, Libarchive, Suse 5 Ubuntu Linux, Libarchive, Linux Enterprise Desktop and 2 more 2018-01-04 4.3 MEDIUM 5.5 MEDIUM
The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.