
7 matches found

F5 Networks
added 2023/07/13 3:54 a.m., 31 views

K000135439: libtar vulnerabilities CVE-2021-33643, CVE-2021-33644, CVE-2021-33645, CVE-2021-33646

Security Advisory Description: CVE-2021-33643: An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longlink, causing an out-of-bounds read. CVE-2021-33644: An attacker who submits a crafted tar file with size in...

CVSS 9.1, AI score 7.3, EPSS 0.00225
Exploits: 0
OSV
added 2022/08/10 8:15 p.m., 3 views

AZL-34947 CVE-2021-33644 affecting package libtar for versions less than 1.2.20-11

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longname, causing an out-of-bounds read...

CVSS 8.1, AI score 6.9, EPSS 0.00225
Exploits: 0, References: 1
Prion
added 2022/08/10 8:15 p.m., 20 views

Out-of-bounds

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longlink, causing an out-of-bounds read...

CVSS 6.4, AI score 8.7, EPSS 0.00225
Exploits: 0, References: 6, Affected Software: 3
Cvelist
added 2022/08/09 12:0 a.m., 22 views

CVE-2021-33643

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longlink, causing an out-of-bounds read...

AI score 9.1, EPSS 0.00225
Exploits: 0, References: 6
CVE
added 2022/08/09 12:0 a.m., 97 views

CVE-2021-33643

CVE-2021-33643 is a vulnerability in the libtar library where an attacker submitting a crafted tar file with a header size of 0 can trigger a call to malloc(0) for gnu_longlink, leading to an out-of-bounds read. The issue is documented across multiple connected sources (open-source Linux distribu...

CVSS 9.1, AI score 8.7, EPSS 0.00225
Exploits: 0, References: 7, Affected Software: 1
Tenable Nessus
added 2019/11/08 12:0 a.m., 51 views

EulerOS 2.0 SP3 : cairo (EulerOS-SA-2019-2268)

According to the version of the cairo packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling o...

CVSS 7.5, AI score 5.9, EPSS 0.00358
Exploits: 1, References: 2
NVD
added 2017/07/17 1:18 p.m., 18 views

CVE-2017-9814

cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call...

CVSS 7.5, AI score 7.3, EPSS 0.00358
Exploits: 1, References: 4