cpio: heap buffer overflow

ID ASA-201501-5
Type archlinux
Reporter Arch Linux
Modified 2015-01-14T00:00:00


A heap-based buffer overflow flaw was reported in cpio's list_file() function. Attempting to extract a malicious cpio archive could cause cpio to crash or, potentially, execute arbitrary code. As noted in the original report, this issue could be triggered via other utilities, such as when running "less".