CVSS: 7.5EPSS: 5%CPEs: 4EXPL: 0CVE-2015-8918
https://notcve.org/view.php?id=CVE-2015-8918
The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy." La función archive_string_append en archive_string.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo cab manipulado, relacionado con "superposición de memcpy". • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html http://www.openwall.com/lists/oss-security/2016/06/17/2 http://www.openwall.com/lists/oss-security/2016/06/17/5 http://www.securityfocus.com/bid/91300 https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html https://github.com/libarchive/libarchive/issues/506 https://security.gentoo.org/glsa/201701-03 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 7%CPEs: 8EXPL: 0CVE-2015-8919 – libarchive: Heap out of bounds read in LHA/LZH parser
https://notcve.org/view.php?id=CVE-2015-8919
The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file. La función lha_read_file_extended_header en archive_read_support_format_lha.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (memoria dinámica fuera de rango) a través de un archivo (1) lzh o (2) lha manipulado. A vulnerability was found in libarchive. A specially crafted LZA/LZH file could cause a small out-of-bounds read, potentially disclosing a few bytes of application memory. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html http://rhn.redhat.com/errata/RHSA-2016-1844.html http://www.debian.org/security/2016/dsa-3657 http://www.openwall.com/lists/oss-security/2016/06/17/2 http://www.openwall.com/lists/oss-security/2016/06/17/5 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/91302 http://www.ubuntu.com/usn/USN-3033-1 https://blog.fuzzing-project. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 1%CPEs: 8EXPL: 0CVE-2015-8920 – libarchive: Stack out of bounds read in ar parser
https://notcve.org/view.php?id=CVE-2015-8920
The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file. La función lha_ar_read_header en archive_read_support_format_ar.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (lectura de pila fuera de rango) a través de un archivo ar manipulado. A vulnerability was found in libarchive. A specially crafted AR archive could cause the application to read a single byte of application memory, potentially disclosing it to the attacker. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html http://rhn.redhat.com/errata/RHSA-2016-1844.html http://rhn.redhat.com/errata/RHSA-2016-1850.html http://www.debian.org/security/2016/dsa-3657 http://www.openwall.com/lists/oss-security/2016/06/17/2 http://www.openwall.com/lists/oss-security/2016/06/17/5 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/91301 http://www.ubuntu. • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 4%CPEs: 8EXPL: 0CVE-2015-8921 – libarchive: Global out of bounds read in mtree parser
https://notcve.org/view.php?id=CVE-2015-8921
The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. La función ae_strtofflags en archive_entry.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo mtree manipulado. A vulnerability was found in libarchive. A specially crafted mtree file could cause libarchive to read beyond a statically declared structure, potentially disclosing application memory. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html http://rhn.redhat.com/errata/RHSA-2016-1844.html http://rhn.redhat.com/errata/RHSA-2016-1850.html http://www.debian.org/security/2016/dsa-3657 http://www.openwall.com/lists/oss-security/2016/06/17/2 http://www.openwall.com/lists/oss-security/2016/06/17/5 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/91307 http://www.ubuntu. • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-8922 – libarchive: NULL pointer access in 7z parser
https://notcve.org/view.php?id=CVE-2015-8922
The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct. La función read_CodersInfo en archive_read_support_format_7zip.c en libarchive en versiones anteriores a 3.2.0 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída) a través de un archivo 7z manipulado, relacionado con la estructura the _7z_folder. A vulnerability was found in libarchive. A specially crafted 7Z file could trigger a NULL pointer dereference, causing the application to crash. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html http://rhn.redhat.com/errata/RHSA-2016-1844.html http://www.debian.org/security/2016/dsa-3657 http://www.openwall.com/lists/oss-security/2016/06/17/2 http://www.openwall.com/lists/oss-security/2016/06/17/5 http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.securityfocus.com/bid/91312 http://www.ubuntu.com/usn/USN-3033-1 https://blog.fuzzing-project. • CWE-476: NULL Pointer Dereference •