
CVE-2015-8919 – libarchive: Heap out of bounds read in LHA/LZH parser
https://notcve.org/view.php?id=CVE-2015-8919
14 Jul 2016 — The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file. A vulnerability w... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVE-2015-8916 – libarchive: NULL pointer access in RAR parser through bsdtar
https://notcve.org/view.php?id=CVE-2015-8916
14 Jul 2016 — bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file. • http://rhn.redhat.com/errata/RHSA-2016-1844.html • CWE-476: NULL Pointer Dereference •

CVE-2015-8930 – libarchive: Endless loop in ISO parser
https://notcve.org/view.php?id=CVE-2015-8930
14 Jul 2016 — bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself. A vulnerability was found in libarchive. A specially crafted ISO file could cause the application to consume resources until it hit a memory limit, leadi... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-20: Improper Input Validation CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVE-2015-8922 – libarchive: NULL pointer access in 7z parser
https://notcve.org/view.php?id=CVE-2015-8922
14 Jul 2016 — The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-476: NULL Pointer Dereference •

CVE-2015-8933 – Gentoo Linux Security Advisory 201701-03
https://notcve.org/view.php?id=CVE-2015-8933
14 Jul 2016 — Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file. An update that fixes 20 vulnerabilities... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-190: Integer Overflow or Wraparound •

CVE-2015-8921 – libarchive: Global out of bounds read in mtree parser
https://notcve.org/view.php?id=CVE-2015-8921
14 Jul 2016 — The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. A vulnerability was found in libarchive. A specially crafted mtree file could cause libarchive to read beyond a sta... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-125: Out-of-bounds Read •

CVE-2015-8925 – libarchive: Unclear invalid memory read in mtree parser
https://notcve.org/view.php?id=CVE-2015-8925
14 Jul 2016 — The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing. A vulnerability ... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-125: Out-of-bounds Read •

CVE-2015-8931 – libarchive: Undefined behavior (signed integer overflow) in mtree parser
https://notcve.org/view.php?id=CVE-2015-8931
14 Jul 2016 — Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-190: Integer Overflow or Wraparound •

CVE-2015-8920 – libarchive: Stack out of bounds read in ar parser
https://notcve.org/view.php?id=CVE-2015-8920
14 Jul 2016 — The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file. A vulnerability was found in libarchive. A specially crafted AR archiv... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-125: Out-of-bounds Read •

CVE-2015-8926 – libarchive: NULL pointer access in RAR parser
https://notcve.org/view.php?id=CVE-2015-8926
14 Jul 2016 — The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive. A vulnerability was found in libarchive. A specially crafted RAR file coul... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •