CVE-2019-19221

2019-11-21T00:00:00
ID UB:CVE-2019-19221
Type ubuntucve
Reporter ubuntu.com
Modified 2019-11-21T00:00:00

Description

In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.

Bugs

  • <https://github.com/libarchive/libarchive/issues/1276>
  • <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945287>