6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
libarchive is vulnerable to arbitrary code execution. The vulnerability exists when a user were tricked into expanding a specially-crafted ISO 9660 CD-ROM image or tar archive with an application using libarchive, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
CPE | Name | Operator | Version |
---|---|---|---|
libarchive | eq | 2.8.3__2.el6 | |
libarchive | eq | 2.8.3__2.el6 |
code.google.com/p/libarchive/source/detail?r=3158
lists.apple.com/archives/security-announce/2012/May/msg00001.html
secunia.com/advisories/48034
support.apple.com/kb/HT5281
www.debian.org/security/2012/dsa-2413
access.redhat.com/errata/RHSA-2011:1507
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=705849
rhn.redhat.com/errata/RHSA-2011-1507.html