CVE-2010-4666
Gentoo Linux Security Advisory 201406-02
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CAB file, which is not properly handled during the reading of Huffman code data within LZX compressed data.
Desbordamiento de búfer en el código libarchive v3.0 pre-release, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente terner otro impacto a través de un fichero CAB manipulado, que no es gestionado de forma adecuada durante la lectura del código Huffman dentro de los datos comprimidos LZX.
Multiple vulnerabilities have been found in libarchive, some of which may allow execution of arbitrary code. Versions less than 3.1.2-r1 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-01-03 CVE Reserved
- 2012-04-13 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://code.google.com/p/libarchive/source/detail?r=2842 | X_refsource_confirm | |
| https://bugzilla.redhat.com/show_bug.cgi?id=705849 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Freebsd Search vendor "Freebsd" | Libarchive Search vendor "Freebsd" for product "Libarchive" | 3.0 Search vendor "Freebsd" for product "Libarchive" and version "3.0" | - |
Affected
| ||||||