50 matches found
K000150321: libarchive vulnerability CVE-2016-10209
Security Advisory Description The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. CVE-2016-10209 Impact This vulnerability may result in a...
K000148639: libarchive vulnerabilities CVE-2024-48957 and CVE-2024-48958
Security Advisory Description CVE-2024-48957 execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. CVE-2024-48958 execute_filter_delta in archive_read_support_format_rar.c in libarchive befo...
SUSE-SU-2024:3940-1 Security update for libarchive
This update for libarchive fixes the following issues: - CVE-2024-20697: Fixed Out of bounds Remote Code Execution Vulnerability (bsc#1225972). - CVE-2024-48958: Fixed out-of-bounds access via a crafted archive file in execute_filter_delta function (bsc#1231624)...
MGASA-2024-0346 Updated libarchive packages fix security vulnerabilities
execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. CVE-2024-48957 execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a...
CVE-2024-48958
A flaw was found in the libarchive library. An out-of-bounds access in the execute_filter_delta function in the libarchive/archive_read_support_format_rar.c file can be triggered due to a missing validation when a specially crafted RAR archive is processed. This issue may cause the application linked t...
CVE-2024-48957
execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst...
CVE-2024-48958
execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst...
CVE-2024-48958
execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst...
CVE-2024-48958
CVE-2024-48958 affects libarchive’s archive_read_support_format_rar.c, where execute_filter_delta can trigger out-of-bounds access in crafted archives because src can move beyond dst. Affects libarchive up to version 3.7.4 (pre-3.7.5). Mitigation: upgrade to 3.7.5 or later; the issue is resolved ...
CVE-2024-48958
execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst...
CVE-2024-48957
CVE-2024-48957 affects libarchive prior to 3.7.5. The vulnerability is in execute_filter_audio within archive_read_support_format_rar.c, allowing out-of-bounds access when processing a crafted archive because src can move beyond dst. Connected documents consistently describe this as a libarchive ...
CVE-2024-48957
execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst...
SUSE CVE-2015-8920
The ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file...
SUSE CVE-2020-3327
A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit thi...
Inductive Automation Ignition code issue vulnerability
Inductive Automation Ignition is a suite of integrated software platforms for SCADA systems from Inductive Automation, Inc. The platform supports SCADA (Data Acquisition and Monitoring Systems), HMI (Human Machine Interface) and more. A code issue vulnerability exists in Inductive Automation Ignition...
CVE-2020-24175
Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius 6.3.2.3116, and Explzh extension 8.14, allows attackers to execute arbitrary code via a crafted archive file, related to filename handling...
Buffer overflow
Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius 6.3.2.3116, and Explzh extension 8.14, allows attackers to execute arbitrary code via a crafted archive file, related to filename handling...
CVE-2020-21674
Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development...
CVE-2020-21674
Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development...
CVE-2020-21674
Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development...