Filtered by vendor Libarchive Subscriptions
Total 62 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-8916 4 Canonical, Debian, Libarchive and 1 more 4 Ubuntu Linux, Debian Linux, Libarchive and 1 more 2024-08-06 N/A
bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file.
CVE-2015-8925 4 Canonical, Libarchive, Redhat and 1 more 6 Ubuntu Linux, Libarchive, Enterprise Linux and 3 more 2024-08-06 N/A
The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.
CVE-2015-8918 2 Libarchive, Novell 4 Libarchive, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 1 more 2024-08-06 N/A
The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy."
CVE-2015-2304 3 Canonical, Libarchive, Opensuse 3 Ubuntu Linux, Libarchive, Opensuse 2024-08-06 N/A
Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.
CVE-2016-10349 1 Libarchive 1 Libarchive 2024-08-06 N/A
The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2016-10350 1 Libarchive 1 Libarchive 2024-08-06 N/A
The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2016-10209 1 Libarchive 1 Libarchive 2024-08-06 N/A
The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.
CVE-2016-8689 2 Libarchive, Opensuse 2 Libarchive, Leap 2024-08-06 N/A
The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.
CVE-2016-8687 2 Libarchive, Opensuse 2 Libarchive, Leap 2024-08-06 N/A
Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.
CVE-2016-8688 2 Libarchive, Opensuse 2 Libarchive, Leap 2024-08-06 N/A
The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.
CVE-2016-7166 3 Libarchive, Oracle, Redhat 10 Libarchive, Linux, Enterprise Linux and 7 more 2024-08-06 N/A
libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.
CVE-2016-6250 3 Libarchive, Oracle, Redhat 3 Libarchive, Linux, Enterprise Linux 2024-08-06 N/A
Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.
CVE-2016-5844 3 Libarchive, Oracle, Redhat 11 Libarchive, Linux, Solaris and 8 more 2024-08-06 N/A
Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.
CVE-2016-5418 3 Libarchive, Oracle, Redhat 11 Libarchive, Linux, Enterprise Linux and 8 more 2024-08-06 N/A
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.
CVE-2016-4809 3 Libarchive, Oracle, Redhat 10 Libarchive, Linux, Enterprise Linux and 7 more 2024-08-06 N/A
The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.
CVE-2016-4301 1 Libarchive 1 Libarchive 2024-08-06 N/A
Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.
CVE-2016-4302 2 Libarchive, Redhat 9 Libarchive, Enterprise Linux, Enterprise Linux Desktop and 6 more 2024-08-06 N/A
Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.
CVE-2016-4300 2 Libarchive, Redhat 9 Libarchive, Enterprise Linux, Enterprise Linux Desktop and 6 more 2024-08-06 N/A
Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.
CVE-2016-1541 2 Libarchive, Redhat 2 Libarchive, Enterprise Linux 2024-08-05 N/A
Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.
CVE-2017-14502 2 Libarchive, Redhat 2 Libarchive, Enterprise Linux 2024-08-05 7.5 High
read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.