rpm package
suse/libarchive&distro=SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-18408 | — | < 3.3.3-3.14.1 | 3.3.3-3.14.1 | Oct 24, 2019 | archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol. | ||
| CVE-2017-14503 | Med | 6.5 | < 3.3.3-3.14.1 | 3.3.3-3.14.1 | Sep 17, 2017 | libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. | |
| CVE-2017-14502 | Hig | 7.5 | < 3.3.3-3.14.1 | 3.3.3-3.14.1 | Sep 17, 2017 | read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. | |
| CVE-2017-14501 | Med | 6.5 | < 3.3.3-3.14.1 | 3.3.3-3.14.1 | Sep 17, 2017 | An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. | |
| CVE-2017-14166 | Med | 6.5 | < 3.3.3-3.14.1 | 3.3.3-3.14.1 | Sep 6, 2017 | libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. |
- CVE-2019-18408Oct 24, 2019affected < 3.3.3-3.14.1fixed 3.3.3-3.14.1
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.
- affected < 3.3.3-3.14.1fixed 3.3.3-3.14.1
libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.
- affected < 3.3.3-3.14.1fixed 3.3.3-3.14.1
read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.
- affected < 3.3.3-3.14.1fixed 3.3.3-3.14.1
An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.
- affected < 3.3.3-3.14.1fixed 3.3.3-3.14.1
libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.