Page 2 of 49 results (0.012 seconds)

CVSS: 8.1EPSS: 1%CPEs: 7EXPL: 0

archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol. La función archive_read_format_rar_read_data en el archivo archive_read_support_format_rar.c en libarchive versiones anteriores a 3.4.0, presenta un uso de la memoria previamente liberada en una determinada situación de ARCHIVE_FAILED, relacionada con Ppmd7_DecodeSymbol. A use-after-free vulnerability was discovered in libarchive in the way it processes RAR archives when there is an error in one of the archive's entries. An application that accepts untrusted RAR archives may be vulnerable to this flaw, which could allow a remote attacker to cause a denial of service or to potentially execute code. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html https://access.redhat.com/errata/RHSA-2020:0203 https://access.redhat.com/errata/RHSA-2020:0246 https://access.redhat.com/errata/RHSA-2020:0271 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14689 https://github.com/libarchive/libarchive/commit/b8592ecba2f9e451e1f5cb7ab6dcee8b8e7b3f60 https://github.com/libarchive/libarchive/compare/v3.3.3.. • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected. Una pérdida de memoria en la función archive_read_format_zip_cleanup en el archivo archive_read_support_format_zip.c en libarchive 3.3.4-dev permite a los atacantes remotos provocar una Denegación de Servicio a través de un archivo ZIP creado debido a un error tipográfico HAVE_LZMA_H. NOTA: esto solo impacta a los usuarios que descargaron el código de desarrollo de GitHub. • https://access.redhat.com/security/cve/cve-2019-11463 https://github.com/libarchive/libarchive/commit/ba641f73f3d758d9032b3f0e5597a9c6e593a505 https://github.com/libarchive/libarchive/issues/1165 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 1

libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file. libarchive en versiones desde el commit con ID bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 y siguientes (desde la versión v3.0.2) contiene una vulnerabilidad CWE-125: lectura fuera de límites en la descompresión 7zip (header_bytes() en archive_read_support_format_7zip.c) que puede resultar en un cierre inesperado (denegación de servicio). El ataque parece ser explotable si una víctima abre un archivo 7zip especialmente manipulado. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html https://access.redhat.com/errata/RHSA-2019:2298 https://access.redhat.com/errata/RHSA-2019:3698 https://github.com/libarchive/libarchive/pull/1120 https://github.com/libarchive/libarchive/pull/1120/commits/65a23f5dbee4497064e9bb467f81138a62b0dae1 https://lists.debian.org/debian-lts-anno • CWE-125: Out-of-bounds Read •

CVSS: 6.5EPSS: 1%CPEs: 11EXPL: 0

libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file. libarchive, en versiones desde el commit con ID 5a98dcf8a86364b3c2c469c85b93647dfb139961 (desde la versión v2.8.0) contiene una vulnerabilidad CWE-835: bucle con condición de salida inalcanzable (bucle infinito) en el analizador ISO9660, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() que puede resultar en una denegación de servicio (DoS) por bucle infinito. El ataque parece ser explotable si una víctima abre un archivo ISO9660 especialmente manipulado. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html https://access.redhat.com/errata/RHSA-2019:2298 https://access.redhat.com/errata/RHSA-2019:3698 https://github.com/libarchive/libarchive/pull/1120 https://github.com/libarchive/libarchive/pull/1120/commits/8312eaa576014cd9b965012af51bc1f967b12423 https://lists.debian.org/debian-lts-anno • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0

libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. libarchive, con el commit con ID 416694915449219d505531b1096384f3237dd6cc y siguientes (desde la v3.1.0) contiene una vulnerabilidad CWE-415: doble liberación (double free) en el descodificador RAR; libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) con new_size = 0, lo que puede resultar en un cierre inesperado/denegación de servicio (DoS). El ataque parece ser explotable si una víctima abre un archivo RAR especialmente manipulado. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html http://www.securityfocus.com/bid/106324 https://access.redhat.com/errata/RHSA-2019:2298 https://access.redhat.com/errata/RHSA-2019:3698 https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909 https://github.com/libarchive/libarchive/pull/1105 https://gith • CWE-415: Double Free CWE-416: Use After Free •