VYPR

rpm package

suse/libarchive&distro=SUSE Linux Enterprise Desktop 12 SP1

pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1

Vulnerabilities (28)

  • CVE-2015-8923 · Med · Sep 20, 2016
    affected < 3.1.2-22.1 · fixed 3.1.2-22.1

    The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.

  • CVE-2015-8922 · Med · Sep 20, 2016
    affected < 3.1.2-22.1 · fixed 3.1.2-22.1

    The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.

  • CVE-2015-8921 · Hig · Sep 20, 2016
    affected < 3.1.2-22.1 · fixed 3.1.2-22.1

    The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.

  • CVE-2015-8920 · Med · Sep 20, 2016
    affected < 3.1.2-22.1 · fixed 3.1.2-22.1

    The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.

  • CVE-2015-8919 · Hig · Sep 20, 2016
    affected < 3.1.2-22.1 · fixed 3.1.2-22.1

    The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.

  • CVE-2015-8918 · Hig · Sep 20, 2016
    affected < 3.1.2-22.1 · fixed 3.1.2-22.1

    The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via crafted cab files, related to "overlapping memcpy."

  • CVE-2016-1541 · Hig · May 7, 2016
    affected < 3.1.2-12.1 · fixed 3.1.2-12.1

    Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.

  • CVE-2015-2304 · Mar 15, 2015
    affected < 3.1.2-25.1 · fixed 3.1.2-25.1

    Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.
