Medium severity 6.5 · NVD Advisory · Published Sep 21, 2016 · Updated May 6, 2026
CVE-2016-5844
Description
Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.
Patches
No patches discovered yet.
References
- bugzilla.redhat.com/show_bug.cgi (nvd: Issue Tracking, Patch, Third Party Advisory, VDB Entry)
- blog.fuzzing-project.org/48-Out-of-bounds-read-and-signed-integer-overflow-in-libarchive.html (nvd: Exploit, Third Party Advisory)
- github.com/libarchive/libarchive/commit/3ad08e01b4d253c66ae56414886089684155af22 (nvd: Exploit)
- github.com/libarchive/libarchive/issues/717 (nvd: Exploit)
- rhn.redhat.com/errata/RHSA-2016-1844.html (nvd: Third Party Advisory)
- rhn.redhat.com/errata/RHSA-2016-1850.html (nvd: Third Party Advisory)
- www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html (nvd: Third Party Advisory)
- www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html (nvd: Third Party Advisory)
- www.securityfocus.com/bid/91808 (nvd: Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1036173 (nvd: Third Party Advisory)
- www.openwall.com/lists/oss-security/2016/06/23/6 (nvd: Mailing List)
- www.openwall.com/lists/oss-security/2016/06/24/4 (nvd: Mailing List)
- www.debian.org/security/2016/dsa-3657 (nvd)
- security.gentoo.org/glsa/201701-03 (nvd)