Lucene search
K
FreebsdLibarchive

7 matches found

CVE
CVE
added 2012/04/13 8:0 p.m.76 views

CVE-2011-1778

CVE-2011-1778 is a libarchive vulnerability (affecting libarchive up to 2.8.5) described as two heap-based buffer overflows triggered by archiving inputs such as tar (and, per Scientific Linux, ISO9660 images). A remote attacker could cause an application crash or, possibly, execute arbitrary cod...

6.8CVSS8.9AI score0.04246EPSS
CVE
CVE
added 2012/04/13 8:0 p.m.75 views

CVE-2011-1777

CVE-2011-1777 describes two heap-based buffer overflow flaws in libarchive’s ISO9660 handling (archive_read_support_format_iso9660.c: heap_add_entry and relocate_dir) that could crash the application or allow arbitrary code execution via a crafted ISO9660 image. Affected versions are libarchive u...

6.8CVSS8.8AI score0.04246EPSS
CVE
CVE
added 2007/07/14 12:0 a.m.73 views

CVE-2007-3641

CVE-2007-3641 affects libarchive (archive reading of tar/pax). The issue is a miscalculated buffer length in pax extension handling, which can cause a buffer overflow and lead to denial of service (crash) and potentially arbitrary code execution via crafted PAX or TAR archives. Public advisories ...

9.3CVSS9.5AI score0.07432EPSS
CVE
CVE
added 2007/07/14 12:0 a.m.73 views

CVE-2007-3644

Summary (fact-checked): libarchive (archive reading/writing library) is affected by PaX-extension-header processing vulnerabilities. Specifically, CVE-2007-3641 (buffer overflow), CVE-2007-3644 (infinite loop during PaX header handling), and CVE-2007-3645 (NULL pointer dereference when a Pax/TAR ...

4.3CVSS9AI score0.03919EPSS
CVE
CVE
added 2007/07/15 9:0 p.m.73 views

CVE-2007-3645

CVE-2007-3645 refers to a vulnerability in libarchive prior to 2.2.4 where parsing of tar and Pax headers can dereference a NULL pointer or crash when a tar header ends immediately after a Pax extension header or when a Pax extension header is malformed inside a Pax/TAR archive. This can lead to ...

4.3CVSS9AI score0.0344EPSS
CVE
CVE
added 2012/04/13 8:0 p.m.59 views

CVE-2010-4666

CVE-2010-4666 : A buffer overflow in the libarchive library (3.0 pre-release) allows remote attackers to crash the application or cause other impact via a crafted CAB file, due to improper handling of Huffman code data in LZX data. Documented across multiple sources: Red Hat RHSA-2011:1507-01 and...

7.5CVSS7.7AI score0.02103EPSS
CVE
CVE
added 2012/04/13 8:0 p.m.59 views

CVE-2011-1779

CVE-2011-1779 concerns libarchive 2.8.4/2.8.5, with multiple use-after-free vulnerabilities that could be triggered by crafted TAR archives or ISO9660 images. Impact per the sources: remote denial of service (application crash) and possibly other unspecified effects. The provided documents do not...

7.5CVSS7.6AI score0.01371EPSS