7 matches found
CVE-2011-1778
CVE-2011-1778 is a libarchive vulnerability (affecting libarchive up to 2.8.5) described as two heap-based buffer overflows triggered by archiving inputs such as tar (and, per Scientific Linux, ISO9660 images). A remote attacker could cause an application crash or, possibly, execute arbitrary cod...
CVE-2011-1777
CVE-2011-1777 describes two heap-based buffer overflow flaws in libarchive’s ISO9660 handling (archive_read_support_format_iso9660.c: heap_add_entry and relocate_dir) that could crash the application or allow arbitrary code execution via a crafted ISO9660 image. Affected versions are libarchive u...
CVE-2007-3641
CVE-2007-3641 affects libarchive (archive reading of tar/pax). The issue is a miscalculated buffer length in pax extension handling, which can cause a buffer overflow and lead to denial of service (crash) and potentially arbitrary code execution via crafted PAX or TAR archives. Public advisories ...
CVE-2007-3644
Summary (fact-checked): libarchive (archive reading/writing library) is affected by PaX-extension-header processing vulnerabilities. Specifically, CVE-2007-3641 (buffer overflow), CVE-2007-3644 (infinite loop during PaX header handling), and CVE-2007-3645 (NULL pointer dereference when a Pax/TAR ...
CVE-2007-3645
CVE-2007-3645 refers to a vulnerability in libarchive prior to 2.2.4 where parsing of tar and Pax headers can dereference a NULL pointer or crash when a tar header ends immediately after a Pax extension header or when a Pax extension header is malformed inside a Pax/TAR archive. This can lead to ...
CVE-2010-4666
CVE-2010-4666 : A buffer overflow in the libarchive library (3.0 pre-release) allows remote attackers to crash the application or cause other impact via a crafted CAB file, due to improper handling of Huffman code data in LZX data. Documented across multiple sources: Red Hat RHSA-2011:1507-01 and...
CVE-2011-1779
CVE-2011-1779 concerns libarchive 2.8.4/2.8.5, with multiple use-after-free vulnerabilities that could be triggered by crafted TAR archives or ISO9660 images. Impact per the sources: remote denial of service (application crash) and possibly other unspecified effects. The provided documents do not...