rpm package
suse/libarchive&distro=SUSE Linux Enterprise Module for Basesystem 15 SP6
pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-5914 | — | < 3.7.2-150600.3.17.1 | 3.7.2-150600.3.17.1 | Jun 9, 2025 | A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in me | ||
| CVE-2025-5918 | — | < 3.7.2-150600.3.17.1 | 3.7.2-150600.3.17.1 | Jun 9, 2025 | A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable progr | ||
| CVE-2025-5917 | — | < 3.7.2-150600.3.17.1 | 3.7.2-150600.3.17.1 | Jun 9, 2025 | A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, lead | ||
| CVE-2025-5916 | — | < 3.7.2-150600.3.17.1 | 3.7.2-150600.3.17.1 | Jun 9, 2025 | A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to ind | ||
| CVE-2025-5915 | — | < 3.7.2-150600.3.17.1 | 3.7.2-150600.3.17.1 | Jun 9, 2025 | A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memor | ||
| CVE-2025-25724 | — | < 3.7.2-150600.3.12.1 | 3.7.2-150600.3.12.1 | Mar 2, 2025 | list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be suf | ||
| CVE-2025-1632 | — | < 3.7.2-150600.3.12.1 | 3.7.2-150600.3.12.1 | Feb 24, 2025 | A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been discl | ||
| CVE-2024-48958 | — | < 3.7.2-150600.3.9.1 | 3.7.2-150600.3.9.1 | Oct 10, 2024 | execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. | ||
| CVE-2024-48957 | — | < 3.7.2-150600.3.6.1 | 3.7.2-150600.3.6.1 | Oct 10, 2024 | execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. | ||
| CVE-2024-20697 | — | < 3.7.2-150600.3.3.1 | 3.7.2-150600.3.3.1 | Jan 9, 2024 | Windows libarchive Remote Code Execution Vulnerability | ||
| CVE-2024-20696 | — | < 3.7.2-150600.3.3.1 | 3.7.2-150600.3.3.1 | Jan 9, 2024 | Windows libarchive Remote Code Execution Vulnerability |
- CVE-2025-5914Jun 9, 2025affected < 3.7.2-150600.3.17.1fixed 3.7.2-150600.3.17.1
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in me
- CVE-2025-5918Jun 9, 2025affected < 3.7.2-150600.3.17.1fixed 3.7.2-150600.3.17.1
A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable progr
- CVE-2025-5917Jun 9, 2025affected < 3.7.2-150600.3.17.1fixed 3.7.2-150600.3.17.1
A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, lead
- CVE-2025-5916Jun 9, 2025affected < 3.7.2-150600.3.17.1fixed 3.7.2-150600.3.17.1
A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to ind
- CVE-2025-5915Jun 9, 2025affected < 3.7.2-150600.3.17.1fixed 3.7.2-150600.3.17.1
A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memor
- CVE-2025-25724Mar 2, 2025affected < 3.7.2-150600.3.12.1fixed 3.7.2-150600.3.12.1
list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be suf
- CVE-2025-1632Feb 24, 2025affected < 3.7.2-150600.3.12.1fixed 3.7.2-150600.3.12.1
A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been discl
- CVE-2024-48958Oct 10, 2024affected < 3.7.2-150600.3.9.1fixed 3.7.2-150600.3.9.1
execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.
- CVE-2024-48957Oct 10, 2024affected < 3.7.2-150600.3.6.1fixed 3.7.2-150600.3.6.1
execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.
- CVE-2024-20697Jan 9, 2024affected < 3.7.2-150600.3.3.1fixed 3.7.2-150600.3.3.1
Windows libarchive Remote Code Execution Vulnerability
- CVE-2024-20696Jan 9, 2024affected < 3.7.2-150600.3.3.1fixed 3.7.2-150600.3.3.1
Windows libarchive Remote Code Execution Vulnerability