[SECURITY] Fedora 44 Update: kf6-karchive-6.25.0-1.fc44

KDE Frameworks 6 Tier 1 addon with archive functions...

EUVD-2016-7163

Malware in sbrugna...

OSV-2025-256 Global-buffer-overflow in QByteArray::QByteArray

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=408025086 Crash type: Global-buffer-overflow READ 15 Crash state: QByteArray::QByteArray KZip::openArchive KArchive::open...

PT-2025-22954 · Git +1 · Kimageformats

Name of the Vulnerable Software and Affected Versions: KArchive affected versions not specified Description: The software experiences a global-buffer-overflow read issue during archive processing. The crash state indicates the issue occurs within the QByteArray::QByteArray, KZip::openArchive, and...

PT-2025-22633 · Git +1 · Archive

Name of the Vulnerable Software and Affected Versions: KArchive affected versions not specified Description: The software suffers from a global-buffer-overflow read issue. The crash occurs during the parseExtraField function, within the KZip::openArchive and KArchive::open functions...

SUSE CVE-2016-6232

Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ dot dot slash in a filename in an archive file, related to KNewsstuff downloads...

karchive:karchive_fuzzer: Stack-buffer-overflow in KTar::KTarPrivate::readHeader

Project: git://anongit.kde.org/karchive Detailed Report: https://oss-fuzz.com/testcase?key=5632739014606848 Project: karchive Fuzzing Engine: honggfuzz Fuzz Target: karchivefuzzer Job Type: honggfuzzasankarchive Platform Id: linux Crash Type: Stack-buffer-overflow READ Crash Address: 0x7ffff7f75a...

karchive:karchive_fuzzer: Use-of-uninitialized-value in crc32_little

Project: git://anongit.kde.org/karchive Detailed Report: https://oss-fuzz.com/testcase?key=5658463115411456 Project: karchive Fuzzing Engine: libFuzzer Fuzz Target: karchivefuzzer Job Type: libfuzzermsankarchive Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State:...

bzip2 -- multiple issues

bzip2 developers reports: CVE-2016-3189 - Fix use-after-free in bzip2recover Jakub Martisko CVE-2019-12900 - Detect out-of-range nSelectors in corrupted files Albert Astals Cid. Found through fuzzing karchive...

karchive/karchive_fuzzer: Index-out-of-bounds in BZ2_decompress

Project: git://anongit.kde.org/karchive Detailed report: https://oss-fuzz.com/testcase?key=5204259928276992 Project: karchive Fuzzer: libFuzzerkarchivefuzzer Fuzz target binary: karchivefuzzer Job Type: libfuzzerubsankarchive Platform Id: linux Crash Type: Index-out-of-bounds Crash Address: Crash...

karchive/karchive_fuzzer: Heap-buffer-overflow in decode_buffer

Project: git://anongit.kde.org/karchive Detailed report: https://oss-fuzz.com/testcase?key=5702766917320704 Project: karchive Fuzzer: libFuzzerkarchivefuzzer Fuzz target binary: karchivefuzzer Job Type: libfuzzerasankarchive Platform Id: linux Crash Type: Heap-buffer-overflow WRITE Crash Address:...

karchive/karchive_fuzzer: Crash in KGzipFilter::uncompress_noop

Project: git://anongit.kde.org/karchive Detailed report: https://oss-fuzz.com/testcase?key=5739739270873088 Project: karchive Fuzzer: libFuzzerkarchivefuzzer Fuzz target binary: karchivefuzzer Job Type: libfuzzermsankarchive Platform Id: linux Crash Type: UNKNOWN WRITE Crash Address: 0x72b0000100...

karchive/karchive_fuzzer: Heap-buffer-overflow in KGzipFilter::uncompress_noop

Project: git://anongit.kde.org/karchive Detailed report: https://oss-fuzz.com/testcase?key=5658355747520512 Project: karchive Fuzzer: libFuzzerkarchivefuzzer Fuzz target binary: karchivefuzzer Job Type: libfuzzerasankarchive Platform Id: linux Crash Type: Heap-buffer-overflow WRITE 2 Crash Addres...

karchive/karchive_fuzzer: Heap-buffer-overflow in inflate_fast

Project: git://anongit.kde.org/karchive Detailed report: https://oss-fuzz.com/testcase?key=5726433327972352 Project: karchive Fuzzer: aflkarchivefuzzer Fuzz target binary: karchivefuzzer Job Type: aflasankarchive Platform Id: linux Crash Type: Heap-buffer-overflow WRITE 1 Crash Address:...

karchive/karchive_fuzzer: Heap-buffer-overflow in inflate

Project: git://anongit.kde.org/karchive Detailed report: https://oss-fuzz.com/testcase?key=5178838151069696 Project: karchive Fuzzer: libFuzzerkarchivefuzzer Fuzz target binary: karchivefuzzer Job Type: libfuzzerasankarchive Platform Id: linux Crash Type: Heap-buffer-overflow WRITE 1 Crash Addres...

karchive/karchive_fuzzer: Use-of-uninitialized-value in KTar::openArchive

Project: git://anongit.kde.org/karchive Detailed report: https://oss-fuzz.com/testcase?key=5699957392146432 Project: karchive Fuzzer: libFuzzerkarchivefuzzer Fuzz target binary: karchivefuzzer Job Type: libfuzzermsankarchive Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address:...

karchive/karchive_fuzzer: Use-of-uninitialized-value in QByteArray::setNum

Project: git://anongit.kde.org/karchive Detailed report: https://oss-fuzz.com/testcase?key=5649136667328512 Project: karchive Fuzzer: libFuzzerkarchivefuzzer Fuzz target binary: karchivefuzzer Job Type: libfuzzermsankarchive Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address:...

karchive/karchive_fuzzer: Use-of-uninitialized-value in qstrlen

Project: git://anongit.kde.org/karchive Detailed report: https://oss-fuzz.com/testcase?key=5717776674586624 Project: karchive Fuzzer: libFuzzerkarchivefuzzer Fuzz target binary: karchivefuzzer Job Type: libfuzzermsankarchive Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address:...

karchive/karchive_fuzzer: Use-of-uninitialized-value in KTar::KTarPrivate::readRawHeader

Project: git://anongit.kde.org/karchive Detailed report: https://oss-fuzz.com/testcase?key=5721364448673792 Project: karchive Fuzzer: libFuzzerkarchivefuzzer Fuzz target binary: karchivefuzzer Job Type: libfuzzermsankarchive Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address:...

karchive/karchive_fuzzer: Heap-buffer-overflow in QByteArray::operator=

Project: git://anongit.kde.org/karchive Detailed report: https://oss-fuzz.com/testcase?key=5750712295751680 Project: karchive Fuzzer: aflkarchivefuzzer Fuzz target binary: karchivefuzzer Job Type: aflasankarchive Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address:...