Libarchive Security Vulnerabilities and Issues — Libarchive CVE List

Lucene search

LibarchiveLibarchive

5 matches found

CVE•added 2020/02/20 7:15 a.m.•207 views

CVE-2020-9308

archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact.

8.8CVSS8.7AI score0.00702EPSS

CVE•added 2018/12/20 5:29 p.m.•195 views

CVE-2018-1000877

libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in...

8.8CVSS8.3AI score0.01549EPSS

CVE•added 2018/12/20 5:29 p.m.•179 views

CVE-2018-1000878

libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to b...

8.8CVSS8.4AI score0.01757EPSS

CVE•added 2016/05/07 10:59 a.m.•135 views

CVE-2016-1541

Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.

8.8CVSS8.5AI score0.09266EPSS

CVE•added 2016/09/21 2:25 p.m.•114 views

CVE-2016-6250

Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.

8.6CVSS8.8AI score0.02019EPSS