5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.008 Low
EPSS
Percentile
81.4%
Package : libarchive
Version : 3.1.2-11+deb8u4
CVE ID : CVE-2015-8915 CVE-2016-8687 CVE-2016-8688
CVE-2016-8689 CVE-2016-10209 CVE-2016-10349
CVE-2016-10350 CVE-2017-5601 CVE-2017-14166
CVE-2017-14501 CVE-2017-14502 CVE-2017-14503
Debian Bug : 853278 875960 875974 875966 874539 840934
840935 861609 859456 861609 784213
Multiple security vulnerabilities were found in libarchive, a
multi-format archive and compression library. Heap-based buffer
over-reads, NULL pointer dereferences and out-of-bounds reads allow
remote attackers to cause a denial-of-service (application crash) via
specially crafted archive files.
For Debian 8 "Jessie", these problems have been fixed in version
3.1.2-11+deb8u4.
We recommend that you upgrade your libarchive packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | i386 | bsdcpio | < 3.0.4-3+wheezy5 | bsdcpio_3.0.4-3+wheezy5_i386.deb |
Debian | 7 | i386 | libarchive12 | < 3.0.4-3+wheezy5 | libarchive12_3.0.4-3+wheezy5_i386.deb |
Debian | 7 | amd64 | bsdcpio | < 3.0.4-3+wheezy5 | bsdcpio_3.0.4-3+wheezy5_amd64.deb |
Debian | 8 | armhf | bsdcpio | < 3.1.2-11+deb8u4 | bsdcpio_3.1.2-11+deb8u4_armhf.deb |
Debian | 8 | armhf | libarchive-dev | < 3.1.2-11+deb8u4 | libarchive-dev_3.1.2-11+deb8u4_armhf.deb |
Debian | 8 | i386 | libarchive13 | < 3.1.2-11+deb8u4 | libarchive13_3.1.2-11+deb8u4_i386.deb |
Debian | 8 | amd64 | libarchive13 | < 3.1.2-11+deb8u4 | libarchive13_3.1.2-11+deb8u4_amd64.deb |
Debian | 7 | armhf | bsdtar | < 3.0.4-3+wheezy5 | bsdtar_3.0.4-3+wheezy5_armhf.deb |
Debian | 8 | i386 | bsdcpio | < 3.1.2-11+deb8u4 | bsdcpio_3.1.2-11+deb8u4_i386.deb |
Debian | 7 | armel | libarchive-dev | < 3.0.4-3+wheezy5 | libarchive-dev_3.0.4-3+wheezy5_armel.deb |
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.008 Low
EPSS
Percentile
81.4%