MidnightBSD

Advisories for libarchive

CVE-2013-0211 MEDIUM

Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.10
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
opensuse opensuse 13.2
fedoraproject fedora 17
libarchive libarchive *
fedoraproject fedora 18
opensuse opensuse 13.1
freebsd freebsd 9.3

CVE-2015-2304 MEDIUM

Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.10
canonical ubuntu_linux 14.04
canonical ubuntu_linux 12.04
opensuse opensuse 13.2
libarchive libarchive *
opensuse opensuse 13.1

CVE-2015-8915 MEDIUM

bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via a crafted cpio file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125

Products Affected

Vendor Product Version
libarchive libarchive *

CVE-2015-8916 MEDIUM

bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 15.10
debian debian_linux 8.0
libarchive libarchive *
debian debian_linux 7.0

CVE-2015-8917 MEDIUM

bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 15.10
debian debian_linux 8.0
libarchive libarchive *
debian debian_linux 7.0

CVE-2015-8918 MEDIUM

The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via crafted cab files, related to "overlapping memcpy."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119

Products Affected

Vendor Product Version
novell suse_linux_enterprise_server 12.0
novell suse_linux_enterprise_software_development_kit 12.0
libarchive libarchive *
novell suse_linux_enterprise_desktop 12.0

CVE-2015-8919 MEDIUM

The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119

Products Affected

Vendor Product Version
novell suse_linux_enterprise_server 12.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 15.10
novell suse_linux_enterprise_software_development_kit 12.0
libarchive libarchive *
novell suse_linux_enterprise_desktop 12.0

CVE-2015-8920 MEDIUM

The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125

Products Affected

Vendor Product Version
novell suse_linux_enterprise_server 12.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 15.10
novell suse_linux_enterprise_software_development_kit 12.0
libarchive libarchive *
novell suse_linux_enterprise_desktop 12.0

CVE-2015-8921 MEDIUM

The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125

Products Affected

Vendor Product Version
novell suse_linux_enterprise_server 12.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 15.10
novell suse_linux_enterprise_software_development_kit 12.0
libarchive libarchive *
novell suse_linux_enterprise_desktop 12.0

CVE-2015-8922 MEDIUM

The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476

Products Affected

Vendor Product Version
novell suse_linux_enterprise_server 12.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 15.10
oracle linux 7
novell suse_linux_enterprise_software_development_kit 12.0
libarchive libarchive *
novell suse_linux_enterprise_desktop 12.0

CVE-2015-8923 MEDIUM

The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
novell suse_linux_enterprise_server 12.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 15.10
novell suse_linux_enterprise_software_development_kit 12.0
libarchive libarchive *
novell suse_linux_enterprise_desktop 12.0

CVE-2015-8924 MEDIUM

The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125

Products Affected

Vendor Product Version
novell suse_linux_enterprise_server 12.0
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 15.10
novell suse_linux_enterprise_software_development_kit 12.0
libarchive libarchive *
novell suse_linux_enterprise_desktop 12.0

CVE-2015-8925 MEDIUM

The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 15.10
suse linux_enterprise_software_development_kit 12
suse linux_enterprise_desktop 12
libarchive libarchive *
suse linux_enterprise_server 12

CVE-2015-8926 MEDIUM

The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 15.10
suse linux_enterprise_software_development_kit 12
suse linux_enterprise_desktop 12
libarchive libarchive *
suse linux_enterprise_server 12

CVE-2015-8927 MEDIUM

The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted zip file, related to reading the password.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125

Products Affected

Vendor Product Version
libarchive libarchive *

CVE-2015-8928 MEDIUM

The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 15.10
suse linux_enterprise_software_development_kit 12
suse linux_enterprise_desktop 12
libarchive libarchive *
suse linux_enterprise_server 12

CVE-2015-8929 MEDIUM

Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119

Products Affected

Vendor Product Version
suse linux_enterprise_software_development_kit 12
suse linux_enterprise_desktop 12
libarchive libarchive *
suse linux_enterprise_server 12

CVE-2015-8930 MEDIUM

bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 15.10
suse linux_enterprise_software_development_kit 12
suse linux_enterprise_desktop 12
libarchive libarchive *
suse linux_enterprise_server 12

CVE-2015-8931 MEDIUM

Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 15.10
suse linux_enterprise_software_development_kit 12
debian debian_linux 8.0
suse linux_enterprise_desktop 12
libarchive libarchive *
suse linux_enterprise_server 12
debian debian_linux 7.0

CVE-2015-8932 MEDIUM

The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 15.10
suse linux_enterprise_software_development_kit 12
debian debian_linux 8.0
suse linux_enterprise_desktop 12
libarchive libarchive *
suse linux_enterprise_server 12
debian debian_linux 7.0

CVE-2015-8933 MEDIUM

Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 15.10
suse linux_enterprise_software_development_kit 12
suse linux_enterprise_desktop 12
libarchive libarchive *
suse linux_enterprise_server 12

CVE-2015-8934 MEDIUM

The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 15.10
suse linux_enterprise_software_development_kit 12
suse linux_enterprise_desktop 12
libarchive libarchive *
suse linux_enterprise_server 12

CVE-2016-10209 MEDIUM

The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476

Products Affected

Vendor Product Version
libarchive libarchive 3.2.2

CVE-2016-10349 MEDIUM

The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119

Products Affected

Vendor Product Version
libarchive libarchive 3.2.2

CVE-2016-10350 MEDIUM

The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119

Products Affected

Vendor Product Version
libarchive libarchive 3.2.2

CVE-2016-1541 MEDIUM

Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
libarchive libarchive *

CVE-2016-4300 MEDIUM

Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190

Products Affected

Vendor Product Version
redhat enterprise_linux_hpc_node_eus 7.2
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_hpc_node 7.0
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server 7.0
libarchive libarchive *
redhat enterprise_linux_server_eus 7.2

CVE-2016-4301 MEDIUM

Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119

Products Affected

Vendor Product Version
libarchive libarchive *

CVE-2016-4302 MEDIUM

Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119

Products Affected

Vendor Product Version
redhat enterprise_linux_hpc_node_eus 7.2
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_hpc_node 7.0
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server 7.0
libarchive libarchive *
redhat enterprise_linux_server_eus 7.2

CVE-2016-4809 MEDIUM

The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_hpc_node_eus 7.2
redhat enterprise_linux_hpc_node 6.0
redhat enterprise_linux_workstation 7.0
oracle linux 6
redhat enterprise_linux_desktop 6.0
oracle linux 7
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_hpc_node 7.0
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server 7.0
libarchive libarchive *
redhat enterprise_linux_server_eus 7.2

CVE-2016-5418 MEDIUM

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-19, CWE-20

Products Affected

Vendor Product Version
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_hpc_node_eus 7.2
redhat enterprise_linux_hpc_node 6.0
redhat enterprise_linux_workstation 7.0
oracle linux 6
redhat openshift 3.1
redhat enterprise_linux_desktop 6.0
oracle linux 7
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_hpc_node 7.0
redhat enterprise_linux_server_aus 7.2
redhat openshift 3.2
redhat enterprise_linux_server 7.0
libarchive libarchive *
redhat enterprise_linux_server_eus 7.2

CVE-2016-5844 MEDIUM

Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190

Products Affected

Vendor Product Version
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_hpc_node_eus 7.2
redhat enterprise_linux_hpc_node 6.0
oracle solaris 11.3
redhat enterprise_linux_workstation 7.0
oracle linux 6
redhat enterprise_linux_desktop 6.0
oracle linux 7
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_hpc_node 7.0
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server 7.0
libarchive libarchive *
redhat enterprise_linux_server_eus 7.2

CVE-2016-6250 HIGH

Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190

Products Affected

Vendor Product Version
oracle linux 7
libarchive libarchive *

CVE-2016-7166 MEDIUM

libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399

Products Affected

Vendor Product Version
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_hpc_node_eus 7.2
redhat enterprise_linux_hpc_node 6.0
redhat enterprise_linux_workstation 7.0
oracle linux 6
redhat enterprise_linux_desktop 6.0
oracle linux 7
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_hpc_node 7.0
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server 7.0
libarchive libarchive *
redhat enterprise_linux_server_eus 7.2

CVE-2016-8687 MEDIUM

Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119

Products Affected

Vendor Product Version
libarchive libarchive 3.2.1
opensuse leap 42.2

CVE-2016-8688 MEDIUM

The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125

Products Affected

Vendor Product Version
libarchive libarchive 3.2.1
opensuse leap 42.2

CVE-2016-8689 MEDIUM

The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125

Products Affected

Vendor Product Version
libarchive libarchive 3.2.1
opensuse leap 42.2

CVE-2017-14166 MEDIUM

libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125

Products Affected

Vendor Product Version
libarchive libarchive 3.3.2
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
debian debian_linux 9.0
debian debian_linux 8.0

CVE-2017-14501 MEDIUM

An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125

Products Affected

Vendor Product Version
libarchive libarchive 3.3.2

CVE-2017-14502 MEDIUM

read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125, CWE-193

Products Affected

Vendor Product Version
libarchive libarchive 3.3.2

CVE-2017-14503 MEDIUM

libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125

Products Affected

Vendor Product Version
libarchive libarchive 3.3.2

CVE-2017-5601 MEDIUM

An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125

Products Affected

Vendor Product Version
libarchive libarchive 3.2.2

CVE-2018-1000877 MEDIUM

libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appears to be exploitable via the victim opening a specially crafted RAR archive.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.10
debian debian_linux 9.0
canonical ubuntu_linux 18.04
debian debian_linux 8.0
fedoraproject fedora 30
redhat enterprise_linux_workstation 7.0
fedoraproject fedora 29
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 7.0
fedoraproject fedora 28
libarchive libarchive *

CVE-2018-1000878 MEDIUM

libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appears to be exploitable via the victim opening a specially crafted RAR archive.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
opensuse leap 15.0
canonical ubuntu_linux 18.10
debian debian_linux 9.0
canonical ubuntu_linux 18.04
debian debian_linux 8.0
fedoraproject fedora 30
redhat enterprise_linux_workstation 7.0
fedoraproject fedora 29
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 7.0
fedoraproject fedora 28
libarchive libarchive *

CVE-2018-1000879 MEDIUM

libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appears to be exploitable via the victim opening a specially crafted archive file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476

Products Affected

Vendor Product Version
fedoraproject fedora 29
opensuse leap 15.0
fedoraproject fedora 28
libarchive libarchive *
fedoraproject fedora 30

CVE-2018-1000880 MEDIUM

libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appears to be exploitable via the victim opening a specially crafted WARC file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
fedoraproject fedora 29
opensuse leap 15.0
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
libarchive libarchive *
fedoraproject fedora 30

CVE-2019-1000019 MEDIUM

libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
opensuse leap 15.0
canonical ubuntu_linux 18.10
canonical ubuntu_linux 18.04
debian debian_linux 8.0
redhat enterprise_linux_workstation 7.0
fedoraproject fedora 29
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 7.0
fedoraproject fedora 28
libarchive libarchive *

CVE-2019-1000020 MEDIUM

libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 16.04
fedoraproject fedora 29
opensuse leap 15.0
canonical ubuntu_linux 18.10
redhat enterprise_linux_desktop 7.0
canonical ubuntu_linux 18.04
debian debian_linux 8.0
redhat enterprise_linux_server 7.0
libarchive libarchive *

CVE-2019-11463 MEDIUM

A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401

Products Affected

Vendor Product Version
libarchive libarchive *

CVE-2019-18408 MEDIUM

archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
debian debian_linux 8.0
libarchive libarchive *
canonical ubuntu_linux 19.04

CVE-2019-19221 LOW

In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.

CVSS 2.0

Severity: LOW

Problem Type: CWE-125

Products Affected

Vendor Product Version
canonical ubuntu_linux 19.10
libarchive libarchive 3.4.0
canonical ubuntu_linux 16.04
debian debian_linux 9.0
canonical ubuntu_linux 18.04
fedoraproject fedora 32
debian debian_linux 10.0

CVE-2020-21674 MEDIUM

Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting in a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787

Products Affected

Vendor Product Version
libarchive libarchive 3.4.1

CVE-2020-9308 MEDIUM

archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787

Products Affected

Vendor Product Version
canonical ubuntu_linux 19.10
canonical ubuntu_linux 16.04
fedoraproject fedora 31
canonical ubuntu_linux 18.04
fedoraproject fedora 32
libarchive libarchive *

CVE-2021-23177

An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.

Products Affected

Vendor Product Version
redhat codeready_linux_builder -
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6
debian debian_linux 10.0
redhat enterprise_linux_for_ibm_z_systems 8.0
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_for_ibm_z_systems_eus 8.6
redhat enterprise_linux_for_power_little_endian 8.0
redhat enterprise_linux 8.0
libarchive libarchive *
redhat enterprise_linux_for_power_little_endian_eus 8.6
fedoraproject fedora 35
redhat enterprise_linux_server_tus 8.6

CVE-2021-31566

An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.

Products Affected

Vendor Product Version
splunk universal_forwarder *
redhat codeready_linux_builder -
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6
splunk universal_forwarder 9.1.0
debian debian_linux 10.0
redhat enterprise_linux_for_ibm_z_systems 8.0
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_for_ibm_z_systems_eus 8.6
redhat enterprise_linux_for_power_little_endian 8.0
redhat enterprise_linux 8.0
libarchive libarchive *
redhat enterprise_linux_for_power_little_endian_eus 8.6
fedoraproject fedora 35
redhat enterprise_linux_server_tus 8.6
CVE-2021-36976 MEDIUM

libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416

Products Affected

Vendor Product Version
splunk universal_forwarder *
apple watchos *
libarchive libarchive *
splunk universal_forwarder 9.1.0
apple macos *
fedoraproject fedora 35
apple iphone_os *
apple ipados *
CVE-2022-26280 MEDIUM

Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125

Products Affected

Vendor Product Version
fedoraproject fedora 36
libarchive libarchive 3.6.0
CVE-2022-36227

In libarchive before 3.6.2, the software does not check for an error after calling the calloc function, which can return a NULL pointer if it fails, leading to a NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."

Products Affected

Vendor Product Version
splunk universal_forwarder *
libarchive libarchive *
splunk universal_forwarder 9.1.0
fedoraproject fedora 37
debian debian_linux 10.0
CVE-2023-30571

Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 3.9 LOW CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N 0.8 2.7

Products Affected

Vendor Product Version
libarchive libarchive *
CVE-2024-26256

Libarchive Remote Code Execution Vulnerability

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secure@microsoft.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
microsoft windows_server_2022_23h2 *
fedoraproject fedora 40
fedoraproject fedora 39
libarchive libarchive *
microsoft windows_11_23h2 *
microsoft windows_11_22h2 *
CVE-2024-37407

Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.

Products Affected

Vendor Product Version
libarchive libarchive 3.7.3
libarchive libarchive *
CVE-2024-48957

execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.

Products Affected

Vendor Product Version
libarchive libarchive *
CVE-2024-48958

execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.

Products Affected

Vendor Product Version
libarchive libarchive *
CVE-2025-1632 LOW

A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-404, CWE-476

Products Affected

Vendor Product Version
libarchive libarchive *
CVE-2025-25724

list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 4.0 MEDIUM CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L 1.4 2.5

Products Affected

Vendor Product Version
libarchive libarchive *
CVE-2025-5914

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
secalert@redhat.com 3.9 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L 1.3 2.5

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 6.0
redhat enterprise_linux 8.0
libarchive libarchive *
redhat enterprise_linux 7.0
redhat openshift_container_platform 4.0
redhat enterprise_linux 10.0
CVE-2025-5915

A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 3.9 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L 1.3 2.5

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 6.0
redhat enterprise_linux 8.0
libarchive libarchive *
redhat enterprise_linux 7.0
redhat openshift_container_platform 4.0
redhat enterprise_linux 10.0
CVE-2025-5916

A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 3.9 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L 1.3 2.5

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 6.0
redhat enterprise_linux 8.0
libarchive libarchive *
redhat enterprise_linux 7.0
redhat openshift_container_platform 4.0
redhat enterprise_linux 10.0
CVE-2025-5917

A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 2.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L 1.3 1.4

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 6.0
redhat enterprise_linux 8.0
libarchive libarchive *
redhat enterprise_linux 7.0
redhat openshift_container_platform 4.0
redhat enterprise_linux 10.0
CVE-2025-5918

A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 3.9 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L 1.3 2.5

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 6.0
redhat enterprise_linux 8.0
libarchive libarchive *
redhat enterprise_linux 7.0
redhat openshift_container_platform 4.0
CVE-2025-60753

An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
libarchive libarchive *
CVE-2026-5121

A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
libarchive libarchive -
redhat enterprise_linux 6.0
redhat enterprise_linux 8.0
redhat enterprise_linux 7.0
redhat hardened_images -
redhat openshift_container_platform 4.0
redhat enterprise_linux 10.0