Unrated severityNVD Advisory· Published Oct 24, 2019· Updated Aug 5, 2024

CVE-2019-18408

Description

archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

libarchive/libarchivedescription
Libarchive/Libarchivellm-fuzzy
Range: <3.4.0
osv-coords27 versions
pkg:rpm/opensuse/bsdtar&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/libarchive&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/libarchive&distro=openSUSE%20Leap%2015.1 pkg:rpm/suse/libarchive&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4 pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015 pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1 pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4 pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/libarchive&distro=SUSE%20Manager%20Proxy%204.0 pkg:rpm/suse/libarchive&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0 pkg:rpm/suse/libarchive&distro=SUSE%20Manager%20Server%204.0
< 3.5.1-1.5+ 26 more
- (no CPE)range: < 3.5.1-1.5
- (no CPE)range: < 3.3.2-lp150.10.1
- (no CPE)range: < 3.3.2-lp151.5.3.1
- (no CPE)range: < 3.3.3-3.14.1
- (no CPE)range: < 3.1.2-26.6.1
- (no CPE)range: < 3.3.3-3.14.1
- (no CPE)range: < 3.3.3-3.14.1
- (no CPE)range: < 3.3.3-3.14.1
- (no CPE)range: < 3.3.3-3.14.1
- (no CPE)range: < 3.3.2-3.11.1
- (no CPE)range: < 3.3.2-3.11.1
- (no CPE)range: < 3.3.2-3.11.1
- (no CPE)range: < 3.3.2-3.11.1
- (no CPE)range: < 3.1.2-26.6.1
- (no CPE)range: < 3.1.2-26.6.1
- (no CPE)range: < 3.3.3-3.14.1
- (no CPE)range: < 3.3.3-3.14.1
- (no CPE)range: < 3.3.3-3.14.1
- (no CPE)range: < 3.1.2-26.6.1
- (no CPE)range: < 3.1.2-26.6.1
- (no CPE)range: < 3.3.3-3.14.1
- (no CPE)range: < 3.3.3-3.14.1
- (no CPE)range: < 3.1.2-26.6.1
- (no CPE)range: < 3.1.2-26.6.1
- (no CPE)range: < 3.3.3-3.14.1
- (no CPE)range: < 3.3.3-3.14.1
- (no CPE)range: < 3.3.3-3.14.1

Patches

Vulnerability mechanics

References

lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.htmlmitrevendor-advisoryx_refsource_SUSE
lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.htmlmitrevendor-advisoryx_refsource_SUSE
access.redhat.com/errata/RHSA-2020:0203mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2020:0246mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2020:0271mitrevendor-advisoryx_refsource_REDHAT
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6LZ4VJGTCYEJSDLOEWUUFG6TM4SUPFSY/mitrevendor-advisoryx_refsource_FEDORA
security.gentoo.org/glsa/202003-28mitrevendor-advisoryx_refsource_GENTOO
usn.ubuntu.com/4169-1/mitrevendor-advisoryx_refsource_UBUNTU
www.debian.org/security/2019/dsa-4557mitrevendor-advisoryx_refsource_DEBIAN
bugs.chromium.org/p/oss-fuzz/issues/detailmitrex_refsource_MISC
github.com/libarchive/libarchive/commit/b8592ecba2f9e451e1f5cb7ab6dcee8b8e7b3f60mitrex_refsource_MISC
github.com/libarchive/libarchive/compare/v3.3.3...v3.4.0mitrex_refsource_MISC
lists.debian.org/debian-lts-announce/2019/10/msg00034.htmlmitremailing-listx_refsource_MLIST
seclists.org/bugtraq/2019/Nov/2mitremailing-listx_refsource_BUGTRAQ
support.f5.com/csp/article/K52144175mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000