Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : libarchive vulnerabilities (USN-8292-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8292-1 advisory. It was discovered that libarchive incorrectly handled certain RAR archive...

Directory Traversal

Overview com.github.junrar:junrar is a rar decompression library in plain java. Affected versions of this package are vulnerable to Directory Traversal via the createDirectory and createFile methods in LocalFolderExtractor module. An attacker can write arbitrary files to sibling directories by...

USN-8147-1: libarchive vulnerabilities

It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 14.04 LTS. CVE-2019-19221 It was discovered that libarchive incorrectly handled certain RAR archive files. If a...

USN-8147-1 libarchive vulnerabilities

It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 14.04 LTS. CVE-2019-19221 It was discovered that libarchive incorrectly handled certain RAR archive files. If a...

SUSE CVE-2026-4424

A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR...

CVE-2026-4424 Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing

A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR...

libarchive 缓冲区错误漏洞

Libarchive is an open-source multi-format archiving and compression library developed by Libarchive. Libarchive has a buffer error vulnerability, which stems from heap out-of-bounds reads in the RAR archiving processing logic. Improper validation of the LZSS sliding window size after the...

📄 libarchive RAR Double Free / Use-After-Free

This proof of concept demonstrates a memory management flaw in libarchive versions prior to 3.8.0 when handling malformed RAR headers. By supplying a corrupted RAR structure, the code forces error paths during archive parsing, leading to improper cleanup. As a result, the archive object may be...

EUVD-2020-30121

Malware in sbrugna...

EUVD-2004-1902

Malware in sbrugna...

EUVD-2017-6004

Malware in sbrugna...

USN-7601-1 libarchive vulnerabilities

It was discovered that libarchive incorrectly handled certain RAR archive files. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. CVE-2025-5914 It was discovered that libarchive incorrectly handled certain RAR archive files. An attacker could...

CVE-2020-9295

FortiOS 6.2 running AV engine version 6.00142 and below, FortiOS 6.4 running AV engine version 6.00144 and below and FortiClient 6.2 running AV engine version 6.00137 and below may not immediately detect certain types of malformed or non-standard RAR archives, potentially containing malicious...

CVE-2020-9295

FortiOS 6.2 running AV engine version 6.00142 and below, FortiOS 6.4 running AV engine version 6.00144 and below and FortiClient 6.2 running AV engine version 6.00137 and below may not immediately detect certain types of malformed or non-standard RAR archives, potentially containing malicious...

CVE-2020-9295

FortiOS 6.2 running AV engine version 6.00142 and below, FortiOS 6.4 running AV engine version 6.00144 and below and FortiClient 6.2 running AV engine version 6.00137 and below may not immediately detect certain types of malformed or non-standard RAR archives, potentially containing malicious...

CVE-2020-9295

FortiOS 6.2 running AV engine version 6.00142 and below, FortiOS 6.4 running AV engine version 6.00144 and below and FortiClient 6.2 running AV engine version 6.00137 and below may not immediately detect certain types of malformed or non-standard RAR archives, potentially containing malicious...

UBUNTU-CVE-2024-48957

executefilteraudio in archivereadsupportformatrar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst...

AZL-50315 CVE-2024-48957 affecting package libarchive for versions less than 3.6.1-4

executefilteraudio in archivereadsupportformatrar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst...

Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign

A previously undocumented Chinese-speaking threat actor codenamed SneakyChef has been linked to an espionage campaign primarily targeting government entities across Asia and EMEA Europe, Middle East, and Africa with SugarGh0st malware since at least August 2023. "SneakyChef uses lures that are...

USN-6805-1 libarchive vulnerability

It was discovered that libarchive incorrectly handled certain RAR archive files. An attacker could possibly use this issue to execute arbitrary code or cause a crash...