16 matches found
Important: Red Hat Security Advisory: podman security update
An update for podman is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
PT-2026-22207
Name of the Vulnerable Software and Affected Versions Junrar versions prior to 7.5.8 Description Junrar is an open source java RAR archive library. A path traversal flaw exists in the LocalFolderExtractor component. When processing a specially crafted RAR archive on Linux/Unix systems, an attacke...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : The Internet Archive Python Library vulnerability (USN-7989-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7989-1 advisory. Pengo Wray discovered that The Internet Archive Python Library incorrectly handled certain file paths when downloading files. An...
OESA-2025-2784 libarchive security update
is an open-source BSD-licensed C programming library that provides streaming access to a variety of different archive formats, including tar, cpio, pax, zip, and ISO9660 images. The distribution also includes bsdtar and bsdcpio, full-featured implementations of tar and cpio that use . Security...
JLSEC-2025-241 execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-b...
executefilterdelta in archivereadsupportformatrar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst...
CVE-2025-62518
astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives...
ALSA-2025:14135 Important: libarchive security update
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...
libarchive 安全漏洞
libarchive is a multi-format archive and compression library open-sourced by libarchive. A security vulnerability exists in libarchive version 3.7.7 and earlier versions, which stems from a null pointer dereference issue contained in the bsdunzip.c file...
Archive 安全漏洞
Archive is a Dart library for encoding and decoding various archive and compression formats such as Zip, Tar, GZip, ZLib and BZip2. A security vulnerability exists in Archive version v3.3.7, which originates from a vulnerability that allows an attacker to spoof zip filenames, resulting in...
OESA-2021-1398 libarchive security update
libarchive is an open-source BSD-licensed C programming library that provides streaming access to a variety of different archive formats, including tar, cpio, pax, zip, and ISO9660 images. The distribution also includes bsdtar and bsdcpio, full-featured implementations of tar and cpio that use...
[SECURITY] [DLA 1287-1] zziplib security update
Package : zziplib Version : 0.13.56-1.1+deb7u2 CVE ID : CVE-2018-6869 It was discovered that there was a uncontrolled memory allocation issue in zziplib, a ZIP archive library. Remote attackers could leverage this vulnerability to cause a denial of service via a specially-crafted file. For Debian...
Critical Flaw in Major Android Tools Targets Developers and Reverse Engineers
Finally, here we have a vulnerability that targets Android developers and reverse engineers, instead of app users. Security researchers have discovered an easily-exploitable vulnerability in Android application developer tools, both downloadable and cloud-based, that could allow attackers to stea...
libarchive: Archive Entry with type 1 (hardlink), but has a non-zero data size file overwrite
A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive...
Ghisler Total Commander FileInfo plugin Denial of Service Vulnerability
Ghisler Total Commander formerly Windows Commander is a suite of disk file management software from the Swiss company Ghisler that replaces Explorer.File Info is one of the file information plug-ins. A security vulnerability exists in the Ghisler Total Commander File Info plug-in. A remote attack...
CVE-2015-2869
Affected software: Total Commander FileInfo plugin (version 2.21 affected, fixed in 2.22 per TALOS report). Vulnerability type: Out‑of‑bounds read leading to denial of service and possible application termination. Root cause: Attacker-controlled fields in COFF Archive and LE structures (Archive M...
CVE-2013-0211
Integer signedness error in the archivewritezipdata function in archivewritesetformatzip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service crash via unspecified vectors, which triggers an improper conversion between...