Libarchive CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (73 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2016-8689	2 Libarchive, Opensuse	2 Libarchive, Leap	2025-04-20	N/A
The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.
CVE-2016-10350	1 Libarchive	1 Libarchive	2025-04-20	N/A
The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2016-8688	2 Libarchive, Opensuse	2 Libarchive, Leap	2025-04-20	N/A
The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.
CVE-2016-10349	1 Libarchive	1 Libarchive	2025-04-20	N/A
The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2017-14502	2 Libarchive, Redhat	2 Libarchive, Enterprise Linux	2025-04-20	7.5 High
read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.
CVE-2024-48615	1 Libarchive	1 Libarchive	2025-04-14	7.5 High
Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at rchive_read_support_format_tar.c:1844:8.
CVE-2015-8933	3 Canonical, Libarchive, Suse	5 Ubuntu Linux, Libarchive, Linux Enterprise Desktop and 2 more	2025-04-12	N/A
Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.
CVE-2015-8918	2 Libarchive, Novell	4 Libarchive, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 1 more	2025-04-12	N/A
The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy."
CVE-2015-8921	4 Canonical, Libarchive, Novell and 1 more	6 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 3 more	2025-04-12	N/A
The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
CVE-2015-8930	4 Canonical, Libarchive, Redhat and 1 more	6 Ubuntu Linux, Libarchive, Enterprise Linux and 3 more	2025-04-12	N/A
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.
CVE-2016-6250	3 Libarchive, Oracle, Redhat	3 Libarchive, Linux, Enterprise Linux	2025-04-12	N/A
Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.
CVE-2015-2304	3 Canonical, Libarchive, Opensuse	3 Ubuntu Linux, Libarchive, Opensuse	2025-04-12	N/A
Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.
CVE-2016-4300	2 Libarchive, Redhat	9 Libarchive, Enterprise Linux, Enterprise Linux Desktop and 6 more	2025-04-12	N/A
Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.
CVE-2016-4301	1 Libarchive	1 Libarchive	2025-04-12	N/A
Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.
CVE-2015-8916	4 Canonical, Debian, Libarchive and 1 more	4 Ubuntu Linux, Debian Linux, Libarchive and 1 more	2025-04-12	N/A
bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file.
CVE-2015-8925	4 Canonical, Libarchive, Redhat and 1 more	6 Ubuntu Linux, Libarchive, Enterprise Linux and 3 more	2025-04-12	N/A
The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.
CVE-2016-1541	2 Libarchive, Redhat	2 Libarchive, Enterprise Linux	2025-04-12	N/A
Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.
CVE-2015-8924	4 Canonical, Libarchive, Novell and 1 more	6 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 3 more	2025-04-12	N/A
The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.
CVE-2015-8926	4 Canonical, Libarchive, Redhat and 1 more	6 Ubuntu Linux, Libarchive, Enterprise Linux and 3 more	2025-04-12	N/A
The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.
CVE-2015-8931	5 Canonical, Debian, Libarchive and 2 more	7 Ubuntu Linux, Debian Linux, Libarchive and 4 more	2025-04-12	N/A
Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.

« first previous Page 2 of 4. next last »