VYPR

Vendor CVEs

Libarchive

All CVEs

86 total · sorted by risk
  • CVE-2016-4736HigSep 25, 2016
    risk 0.57cvss 8.8epss 0.03

    libarchive in Apple OS X before 10.12 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted file.

  • CVE-2016-6250HigSep 21, 2016
    risk 0.56cvss 8.6epss 0.06

    Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.

  • CVE-2016-4302HigSep 21, 2016
    risk 0.51cvss 7.8epss 0.05

    Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.

  • CVE-2016-4301HigSep 21, 2016
    risk 0.51cvss 7.8epss 0.04

    Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.

  • CVE-2016-4300HigSep 21, 2016
    risk 0.51cvss 7.8epss 0.05

    Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.

  • CVE-2015-8931HigSep 20, 2016
    risk 0.51cvss 7.8epss 0.02

    Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.

  • CVE-2016-1541HigMay 7, 2016
    risk 0.51cvss 8.8epss 0.10

    Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.

  • CVE-2015-8921HigSep 20, 2016
    risk 0.50cvss 7.5epss 0.12

    The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.

  • CVE-2017-14502HigSep 17, 2017
    risk 0.49cvss 7.5epss 0.03

    read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.

  • CVE-2016-8689HigFeb 15, 2017
    risk 0.49cvss 7.5epss 0.03

    The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.

  • CVE-2016-8687HigFeb 15, 2017
    risk 0.49cvss 7.5epss 0.05

    Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.

  • CVE-2017-5601HigJan 27, 2017
    risk 0.49cvss 7.5epss 0.04

    An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive.

  • CVE-2016-5418HigSep 21, 2016
    risk 0.49cvss 7.5epss 0.05

    The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.

  • CVE-2016-4809HigSep 21, 2016
    risk 0.49cvss 7.5epss 0.05

    The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.

  • CVE-2015-8930HigSep 20, 2016
    risk 0.49cvss 7.5epss 0.04

    bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.

  • CVE-2015-8919HigSep 20, 2016
    risk 0.49cvss 7.5epss 0.05

    The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.

  • CVE-2015-8918HigSep 20, 2016
    risk 0.49cvss 7.5epss 0.04

    The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy."

  • CVE-2015-8917HigSep 20, 2016
    risk 0.49cvss 7.5epss 0.04

    bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file.

  • CVE-2017-14166MedSep 6, 2017
    risk 0.43cvss 6.5epss 0.03

    libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.

  • CVE-2016-5844MedSep 21, 2016
    risk 0.43cvss 6.5epss 0.04

    Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.

  • CVE-2015-8916MedSep 20, 2016
    risk 0.43cvss 6.5epss 0.03

    bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file.

  • CVE-2026-5121HigMar 30, 2026
    risk 0.42cvss 7.5epss 0.01

    A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could…

  • CVE-2026-4424HigMar 19, 2026
    risk 0.42cvss 7.5epss 0.01

    A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a…

  • CVE-2026-4111HigMar 13, 2026
    risk 0.42cvss 7.5epss 0.01

    A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents…

  • CVE-2017-14503MedSep 17, 2017
    risk 0.42cvss 6.5epss 0.02

    libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.

  • CVE-2017-14501MedSep 17, 2017
    risk 0.42cvss 6.5epss 0.02

    An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.

  • CVE-2015-8923MedSep 20, 2016
    risk 0.42cvss 6.5epss 0.03

    The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.

  • CVE-2026-5745MedApr 7, 2026
    risk 0.36cvss 5.5epss 0.00

    A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare "d" or "default" tag without subsequent fields), the…

  • CVE-2016-10350MedMay 1, 2017
    risk 0.36cvss 5.5epss 0.02

    The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

  • CVE-2016-10349MedMay 1, 2017
    risk 0.36cvss 5.5epss 0.02

    The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

  • CVE-2016-10209MedApr 3, 2017
    risk 0.36cvss 5.5epss 0.02

    The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.

  • CVE-2016-8688MedFeb 15, 2017
    risk 0.36cvss 5.5epss 0.02

    The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in…

  • CVE-2016-7166MedSep 21, 2016
    risk 0.36cvss 5.5epss 0.02

    libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.

  • CVE-2015-8934MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.02

    The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.

  • CVE-2015-8933MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.02

    Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.

  • CVE-2015-8932MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.02

    The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.

  • CVE-2015-8929MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.02

    Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.

  • CVE-2015-8928MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.02

    The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.

  • CVE-2015-8927MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.02

    The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted zip file, related to reading the password.

  • CVE-2015-8926MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.02

    The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.

  • CVE-2015-8925MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.02

    The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.

  • CVE-2015-8924MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.05

    The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.

  • CVE-2015-8922MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.02

    The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.

  • CVE-2015-8920MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.02

    The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.

  • CVE-2015-8915MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.02

    bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file.

  • CVE-2026-4426MedMar 19, 2026
    risk 0.35cvss 6.5epss 0.00

    A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO…

  • CVE-2024-57970MedFeb 16, 2025
    risk 0.26cvss 4.0epss 0.00

    libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.

  • CVE-2024-26256Apr 9, 2024
    risk 0.03cvss epss 0.88

    Libarchive Remote Code Execution Vulnerability

  • CVE-2007-3641Jul 14, 2007
    risk 0.01cvss epss 0.07

    archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary…

  • CVE-2025-60753Nov 5, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).

Page 1 of 2