CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2018-1000878 – libarchive: Use after free in RAR decoder resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-1000878
20 Dec 2018 — libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. libarchive, con el commit con ID 416694915449219d505531b1096384f3237dd6cc y siguientes (desde la v3.1.0) contiene una vulnerabilidad CWE-416:... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1000877 – libarchive: Double free in RAR decoder resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-1000877
20 Dec 2018 — libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. libarchive, con el commit con ID 416694915449219d505531b1096384f3237dd6cc y siguientes (desde la v3.1.0) cont... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1000879
https://notcve.org/view.php?id=CVE-2018-1000879
20 Dec 2018 — libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file. libarchive, con el commit con ID 379867ecb330b3a952fb7bfa7bffb7bbd5547205 y siguientes (desde la v3.3.0) contiene una vulnerabilidad CWE-476: desreferencia de ... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 1%CPEs: 8EXPL: 0CVE-2018-1000880 – Debian Security Advisory 4360-1
https://notcve.org/view.php?id=CVE-2018-1000880
20 Dec 2018 — libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file. libarchive, con el commit con ID 9693801580c0cf7c70e862d305270a16b52826a7 y siguientes (desde la v3.2.0... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14501 – Debian Security Advisory 4360-1
https://notcve.org/view.php?id=CVE-2017-14501
17 Sep 2017 — An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. Existe un error de lectura fuera de límites en parse_file_info de archive_read_support_format_iso9660.c en libarchive 3.3.2 cuando se extraen archivos .iso iso9660 especialmente manipulados. Esto está relacionado con archive_read_format_iso9660_read_header. It was discovered that libarchive ... • https://bugs.debian.org/875966 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14502 – Red Hat Security Advisory 2021-3016-01
https://notcve.org/view.php?id=CVE-2017-14502
17 Sep 2017 — read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. Existe un error por un paso en read_header de archive_read_support_format_rar.c en libarchive 3.3.2 para los nombres UTF-16 en archivos RAR, lo que provoca una lectura fuera de límites en archive_read_format_rar_read_header. Red Hat Advanced Cluster Management for Kubernetes 2.3.0 images Red Hat Advanc... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=573 • CWE-125: Out-of-bounds Read CWE-193: Off-by-one Error •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14503 – libarchive: Out-of-bounds read in lha_read_data_none
https://notcve.org/view.php?id=CVE-2017-14503
17 Sep 2017 — libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. libarchive 3.3.2 sufre una lectura fuera de límites en lha_read_data_none() en archive_read_support_format_lha.c cuando se extraen archivos lha especialmente manipulados. Esto está relacionado con lha_crc16. The libarchive programming library can create and read several different streaming archive formats, including GNU ta... • https://access.redhat.com/errata/RHSA-2019:2298 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 4%CPEs: 5EXPL: 0CVE-2017-14166 – Debian Security Advisory 4360-1
https://notcve.org/view.php?id=CVE-2017-14166
06 Sep 2017 — libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. libarchive 3.3.2 permite a los atacantes remotos provocar una denegación de servicio (sobrelectura de búfer basada en montículos xml_data y fallo de aplicación) mediante un archivo xar manipulado. Esto está relacionado con la mala gestión de strings ... • https://blogs.gentoo.org/ago/2017/09/06/libarchive-heap-based-buffer-overflow-in-xml_data-archive_read_support_format_xar-c • CWE-125: Out-of-bounds Read •