Libarchive Security Vulnerabilities and Issues — Libarchive CVE List

Lucene search

LibarchiveLibarchive

4 matches found

CVE•added 2018/12/20 5:29 p.m.•195 views

CVE-2018-1000877

libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in...

8.8CVSS8.3AI score0.01549EPSS

CVE•added 2018/12/20 5:29 p.m.•183 views

CVE-2018-1000880

libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage...

6.5CVSS7AI score0.01184EPSS

CVE•added 2018/12/20 5:29 p.m.•179 views

CVE-2018-1000878

libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to b...

8.8CVSS8.4AI score0.01757EPSS

CVE•added 2018/12/20 5:29 p.m.•141 views

CVE-2018-1000879

libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via t...

6.5CVSS7AI score0.00493EPSS