CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2015-8920 – libarchive: Stack out of bounds read in ar parser
https://notcve.org/view.php?id=CVE-2015-8920
14 Jul 2016 — The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file. La función lha_ar_read_header en archive_read_support_format_ar.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (lectura de pila fuera de rango) a través de un archivo ar manipulado. A vulnerability was found in libarchive. A specially crafted AR archiv... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 3%CPEs: 8EXPL: 0CVE-2015-8921 – libarchive: Global out of bounds read in mtree parser
https://notcve.org/view.php?id=CVE-2015-8921
14 Jul 2016 — The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. La función ae_strtofflags en archive_entry.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo mtree manipulado. A vulnerability was found in libarchive. A specially crafted mtree file could cause libarchive to read beyond a sta... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-8922 – libarchive: NULL pointer access in 7z parser
https://notcve.org/view.php?id=CVE-2015-8922
14 Jul 2016 — The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct. La función read_CodersInfo en archive_read_support_format_7zip.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída) a través de un archivo 7z manipulado, relacionado con la est... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 2%CPEs: 8EXPL: 0CVE-2015-8923 – libarchive: Unclear crashes in ZIP parser
https://notcve.org/view.php?id=CVE-2015-8923
14 Jul 2016 — The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file. La función process_extra en libarchive en versiones anteriores a 3.2.0 utiliza el campo de tamaño y un número con signo en un desplazamiento, lo que permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo zip manipulado. A vulnerability was found in libarchive. A specially ... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2015-8924 – libarchive: Heap out of bounds read in TAR parser
https://notcve.org/view.php?id=CVE-2015-8924
14 Jul 2016 — The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file. La función archive_read_format_tar_read_header en archive_read_support_format_tar.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo tar manipulado. A vulnerability was found in libarchive. ... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 1CVE-2015-8925 – libarchive: Unclear invalid memory read in mtree parser
https://notcve.org/view.php?id=CVE-2015-8925
14 Jul 2016 — The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing. La función readline en archive_read_support_format_mtree.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (lectura no válida) a través de un archivo mtree manipulado, relacionado con una nueva línea de análisis gramatical. A vulnerability ... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 1CVE-2015-8926 – libarchive: NULL pointer access in RAR parser
https://notcve.org/view.php?id=CVE-2015-8926
14 Jul 2016 — The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive. La función archive_read_format_rar_read_data en archive_read_support_format_rar.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo rar manipulado. A vulnerability was found in libarchive. A specially crafted RAR file coul... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 1CVE-2015-8928 – libarchive: Heap out of bounds read in mtree parser
https://notcve.org/view.php?id=CVE-2015-8928
14 Jul 2016 — The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. La función process_add_entry en archive_read_support_format_mtree.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de rango) a través de un archivo mtree manipulado. A vulnerability was found in libarchive. A specially crafted MTREE file... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 4%CPEs: 8EXPL: 0CVE-2015-8930 – libarchive: Endless loop in ISO parser
https://notcve.org/view.php?id=CVE-2015-8930
14 Jul 2016 — bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself. bsdtar en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de una ISO con un directorio que es miembro de si mismo. A vulnerability was found in libarchive. A specially crafted ISO file could cause the application to consume resources until it hit a memory limit, leadi... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-20: Improper Input Validation CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 1CVE-2015-8931 – libarchive: Undefined behavior (signed integer overflow) in mtree parser
https://notcve.org/view.php?id=CVE-2015-8931
14 Jul 2016 — Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior. Múltiples desbordamientos de entero en las funciones (1) get_time_t_max y (2) get_time_t_min en archive_read_support_format_mtree.c en libarchive en versiones anteriores a 3.2.0 permiten a atacantes remotos tener impacto no especificado a través de ... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html • CWE-190: Integer Overflow or Wraparound •