Vendor CVEs
Libarchive
All CVEs
86 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-4736 | Hig | 0.57 | 8.8 | 0.03 | Sep 25, 2016 | libarchive in Apple OS X before 10.12 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted file. | ||
| CVE-2016-6250 | Hig | 0.56 | 8.6 | 0.06 | Sep 21, 2016 | Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow. | ||
| CVE-2016-4302 | Hig | 0.51 | 7.8 | 0.05 | Sep 21, 2016 | Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary. | ||
| CVE-2016-4301 | Hig | 0.51 | 7.8 | 0.04 | Sep 21, 2016 | Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file. | ||
| CVE-2016-4300 | Hig | 0.51 | 7.8 | 0.05 | Sep 21, 2016 | Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow. | ||
| CVE-2015-8931 | Hig | 0.51 | 7.8 | 0.02 | Sep 20, 2016 | Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior. | ||
| CVE-2016-1541 | Hig | 0.51 | 8.8 | 0.10 | May 7, 2016 | Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive. | ||
| CVE-2015-8921 | Hig | 0.50 | 7.5 | 0.12 | Sep 20, 2016 | The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. | ||
| CVE-2017-14502 | Hig | 0.49 | 7.5 | 0.03 | Sep 17, 2017 | read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. | ||
| CVE-2016-8689 | Hig | 0.49 | 7.5 | 0.03 | Feb 15, 2017 | The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive. | ||
| CVE-2016-8687 | Hig | 0.49 | 7.5 | 0.05 | Feb 15, 2017 | Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename. | ||
| CVE-2017-5601 | Hig | 0.49 | 7.5 | 0.04 | Jan 27, 2017 | An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive. | ||
| CVE-2016-5418 | Hig | 0.49 | 7.5 | 0.05 | Sep 21, 2016 | The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. | ||
| CVE-2016-4809 | Hig | 0.49 | 7.5 | 0.05 | Sep 21, 2016 | The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink. | ||
| CVE-2015-8930 | Hig | 0.49 | 7.5 | 0.04 | Sep 20, 2016 | bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself. | ||
| CVE-2015-8919 | Hig | 0.49 | 7.5 | 0.05 | Sep 20, 2016 | The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file. | ||
| CVE-2015-8918 | Hig | 0.49 | 7.5 | 0.04 | Sep 20, 2016 | The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy." | ||
| CVE-2015-8917 | Hig | 0.49 | 7.5 | 0.04 | Sep 20, 2016 | bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file. | ||
| CVE-2017-14166 | Med | 0.43 | 6.5 | 0.03 | Sep 6, 2017 | libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. | ||
| CVE-2016-5844 | Med | 0.43 | 6.5 | 0.04 | Sep 21, 2016 | Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file. | ||
| CVE-2015-8916 | Med | 0.43 | 6.5 | 0.03 | Sep 20, 2016 | bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file. | ||
| CVE-2026-5121 | Hig | 0.42 | 7.5 | 0.01 | Mar 30, 2026 | A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could… | ||
| CVE-2026-4424 | Hig | 0.42 | 7.5 | 0.01 | Mar 19, 2026 | A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a… | ||
| CVE-2026-4111 | Hig | 0.42 | 7.5 | 0.01 | Mar 13, 2026 | A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents… | ||
| CVE-2017-14503 | Med | 0.42 | 6.5 | 0.02 | Sep 17, 2017 | libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. | ||
| CVE-2017-14501 | Med | 0.42 | 6.5 | 0.02 | Sep 17, 2017 | An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. | ||
| CVE-2015-8923 | Med | 0.42 | 6.5 | 0.03 | Sep 20, 2016 | The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file. | ||
| CVE-2026-5745 | Med | 0.36 | 5.5 | 0.00 | Apr 7, 2026 | A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare "d" or "default" tag without subsequent fields), the… | ||
| CVE-2016-10350 | Med | 0.36 | 5.5 | 0.02 | May 1, 2017 | The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | ||
| CVE-2016-10349 | Med | 0.36 | 5.5 | 0.02 | May 1, 2017 | The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | ||
| CVE-2016-10209 | Med | 0.36 | 5.5 | 0.02 | Apr 3, 2017 | The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. | ||
| CVE-2016-8688 | Med | 0.36 | 5.5 | 0.02 | Feb 15, 2017 | The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in… | ||
| CVE-2016-7166 | Med | 0.36 | 5.5 | 0.02 | Sep 21, 2016 | libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file. | ||
| CVE-2015-8934 | Med | 0.36 | 5.5 | 0.02 | Sep 20, 2016 | The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file. | ||
| CVE-2015-8933 | Med | 0.36 | 5.5 | 0.02 | Sep 20, 2016 | Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file. | ||
| CVE-2015-8932 | Med | 0.36 | 5.5 | 0.02 | Sep 20, 2016 | The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift. | ||
| CVE-2015-8929 | Med | 0.36 | 5.5 | 0.02 | Sep 20, 2016 | Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file. | ||
| CVE-2015-8928 | Med | 0.36 | 5.5 | 0.02 | Sep 20, 2016 | The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. | ||
| CVE-2015-8927 | Med | 0.36 | 5.5 | 0.02 | Sep 20, 2016 | The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted zip file, related to reading the password. | ||
| CVE-2015-8926 | Med | 0.36 | 5.5 | 0.02 | Sep 20, 2016 | The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive. | ||
| CVE-2015-8925 | Med | 0.36 | 5.5 | 0.02 | Sep 20, 2016 | The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing. | ||
| CVE-2015-8924 | Med | 0.36 | 5.5 | 0.05 | Sep 20, 2016 | The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file. | ||
| CVE-2015-8922 | Med | 0.36 | 5.5 | 0.02 | Sep 20, 2016 | The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct. | ||
| CVE-2015-8920 | Med | 0.36 | 5.5 | 0.02 | Sep 20, 2016 | The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file. | ||
| CVE-2015-8915 | Med | 0.36 | 5.5 | 0.02 | Sep 20, 2016 | bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file. | ||
| CVE-2026-4426 | Med | 0.35 | 6.5 | 0.00 | Mar 19, 2026 | A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO… | ||
| CVE-2024-57970 | Med | 0.26 | 4.0 | 0.00 | Feb 16, 2025 | libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname. | ||
| CVE-2024-26256 | 0.03 | — | 0.88 | Apr 9, 2024 | Libarchive Remote Code Execution Vulnerability | |||
| CVE-2007-3641 | 0.01 | — | 0.07 | Jul 14, 2007 | archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary… | |||
| CVE-2025-60753 | 0.00 | — | 0.00 | Nov 5, 2025 | An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash). |
- risk 0.57cvss 8.8epss 0.03
libarchive in Apple OS X before 10.12 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted file.
- risk 0.56cvss 8.6epss 0.06
Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.
- risk 0.51cvss 7.8epss 0.05
Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.
- risk 0.51cvss 7.8epss 0.04
Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.
- risk 0.51cvss 7.8epss 0.05
Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.
- risk 0.51cvss 7.8epss 0.02
Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.
- risk 0.51cvss 8.8epss 0.10
Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.
- risk 0.50cvss 7.5epss 0.12
The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
- risk 0.49cvss 7.5epss 0.03
read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.
- risk 0.49cvss 7.5epss 0.03
The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.
- risk 0.49cvss 7.5epss 0.05
Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.
- risk 0.49cvss 7.5epss 0.04
An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive.
- risk 0.49cvss 7.5epss 0.05
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.
- risk 0.49cvss 7.5epss 0.05
The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.
- risk 0.49cvss 7.5epss 0.04
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.
- risk 0.49cvss 7.5epss 0.05
The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.
- risk 0.49cvss 7.5epss 0.04
The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy."
- risk 0.49cvss 7.5epss 0.04
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file.
- risk 0.43cvss 6.5epss 0.03
libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.
- risk 0.43cvss 6.5epss 0.04
Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.
- risk 0.43cvss 6.5epss 0.03
bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file.
- risk 0.42cvss 7.5epss 0.01
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could…
- risk 0.42cvss 7.5epss 0.01
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a…
- risk 0.42cvss 7.5epss 0.01
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents…
- risk 0.42cvss 6.5epss 0.02
libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.
- risk 0.42cvss 6.5epss 0.02
An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.
- risk 0.42cvss 6.5epss 0.03
The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.
- risk 0.36cvss 5.5epss 0.00
A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare "d" or "default" tag without subsequent fields), the…
- risk 0.36cvss 5.5epss 0.02
The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
- risk 0.36cvss 5.5epss 0.02
The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
- risk 0.36cvss 5.5epss 0.02
The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.
- risk 0.36cvss 5.5epss 0.02
The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in…
- risk 0.36cvss 5.5epss 0.02
libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.
- risk 0.36cvss 5.5epss 0.02
The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.
- risk 0.36cvss 5.5epss 0.02
Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.
- risk 0.36cvss 5.5epss 0.02
The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.
- risk 0.36cvss 5.5epss 0.02
Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.
- risk 0.36cvss 5.5epss 0.02
The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
- risk 0.36cvss 5.5epss 0.02
The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted zip file, related to reading the password.
- risk 0.36cvss 5.5epss 0.02
The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.
- risk 0.36cvss 5.5epss 0.02
The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.
- risk 0.36cvss 5.5epss 0.05
The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.
- risk 0.36cvss 5.5epss 0.02
The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.
- risk 0.36cvss 5.5epss 0.02
The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.
- risk 0.36cvss 5.5epss 0.02
bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file.
- risk 0.35cvss 6.5epss 0.00
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO…
- risk 0.26cvss 4.0epss 0.00
libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.
- CVE-2024-26256Apr 9, 2024risk 0.03cvss —epss 0.88
Libarchive Remote Code Execution Vulnerability
- CVE-2007-3641Jul 14, 2007risk 0.01cvss —epss 0.07
archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary…
- CVE-2025-60753Nov 5, 2025risk 0.00cvss —epss 0.00
An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).
Page 1 of 2