Libarchive CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (73 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2017-14502	2 Libarchive, Redhat	2 Libarchive, Enterprise Linux	2025-04-20	7.5 High
read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.
CVE-2016-10350	1 Libarchive	1 Libarchive	2025-04-20	N/A
The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2016-8688	2 Libarchive, Opensuse	2 Libarchive, Leap	2025-04-20	N/A
The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.
CVE-2016-10209	1 Libarchive	1 Libarchive	2025-04-20	N/A
The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.
CVE-2017-14166	4 Canonical, Debian, Libarchive and 1 more	4 Ubuntu Linux, Debian Linux, Libarchive and 1 more	2025-04-20	N/A
libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.
CVE-2024-48615	1 Libarchive	1 Libarchive	2025-04-14	7.5 High
Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at rchive_read_support_format_tar.c:1844:8.
CVE-2015-8930	4 Canonical, Libarchive, Redhat and 1 more	6 Ubuntu Linux, Libarchive, Enterprise Linux and 3 more	2025-04-12	N/A
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.
CVE-2015-8915	1 Libarchive	1 Libarchive	2025-04-12	N/A
bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file.
CVE-2015-8927	1 Libarchive	1 Libarchive	2025-04-12	N/A
The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted zip file, related to reading the password.
CVE-2015-8918	2 Libarchive, Novell	4 Libarchive, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 1 more	2025-04-12	N/A
The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy."
CVE-2016-4300	2 Libarchive, Redhat	9 Libarchive, Enterprise Linux, Enterprise Linux Desktop and 6 more	2025-04-12	N/A
Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.
CVE-2016-4809	3 Libarchive, Oracle, Redhat	10 Libarchive, Linux, Enterprise Linux and 7 more	2025-04-12	N/A
The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.
CVE-2016-5844	3 Libarchive, Oracle, Redhat	11 Libarchive, Linux, Solaris and 8 more	2025-04-12	N/A
Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.
CVE-2015-8919	4 Canonical, Libarchive, Novell and 1 more	6 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 3 more	2025-04-12	N/A
The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.
CVE-2015-8921	4 Canonical, Libarchive, Novell and 1 more	6 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 3 more	2025-04-12	N/A
The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
CVE-2015-8924	4 Canonical, Libarchive, Novell and 1 more	6 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 3 more	2025-04-12	N/A
The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.
CVE-2015-8926	4 Canonical, Libarchive, Redhat and 1 more	6 Ubuntu Linux, Libarchive, Enterprise Linux and 3 more	2025-04-12	N/A
The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.
CVE-2015-8932	5 Canonical, Debian, Libarchive and 2 more	7 Ubuntu Linux, Debian Linux, Libarchive and 4 more	2025-04-12	N/A
The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.
CVE-2016-6250	3 Libarchive, Oracle, Redhat	3 Libarchive, Linux, Enterprise Linux	2025-04-12	N/A
Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.
CVE-2015-2304	3 Canonical, Libarchive, Opensuse	3 Ubuntu Linux, Libarchive, Opensuse	2025-04-12	N/A
Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.

« first previous Page 2 of 4. next last »