Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libarchive libarchive vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-36227
In libarchive prior to 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties di...
Libarchive Libarchive
Debian Debian Linux 10.0
Fedoraproject Fedora 37
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
6.5
CVSSv3
CVE-2017-14166
libarchive 3.3.2 allows remote malicious users to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.
Libarchive Libarchive 3.3.2
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
NA
CVE-2015-2304
Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and previous versions allows remote malicious users to write to arbitrary files via a full pathname in an archive.
Libarchive Libarchive
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 14.04
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
8.8
CVSSv3
CVE-2020-9308
archive_read_support_format_rar5.c in libarchive prior to 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact.
Libarchive Libarchive
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
Fedoraproject Fedora 31
Fedoraproject Fedora 32
6.5
CVSSv3
CVE-2021-36976
libarchive 3.4.1 up to and including 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).
Libarchive Libarchive
Fedoraproject Fedora 35
Apple Macos
Apple Iphone Os
Apple Ipados
Apple Watchos
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
7.5
CVSSv3
CVE-2019-18408
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive prior to 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.
Libarchive Libarchive
Debian Debian Linux 8.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
5.5
CVSSv3
CVE-2019-19221
In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.
Libarchive Libarchive 3.4.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
6.5
CVSSv3
CVE-2018-1000880
libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run ...
Libarchive Libarchive
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Opensuse Leap 15.0
Fedoraproject Fedora 29
Fedoraproject Fedora 30
NA
CVE-2013-0211
Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and previous versions, when running on 64-bit machines, allows context-dependent malicious users to cause a denial of service (crash) via unspecified vectors, whi...
Libarchive Libarchive
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Opensuse Opensuse 13.1
Canonical Ubuntu Linux 14.10
Opensuse Opensuse 13.2
Fedoraproject Fedora 17
Fedoraproject Fedora 18
Freebsd Freebsd 9.3
6.5
CVSSv3
CVE-2019-1000020
libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockrid...
Libarchive Libarchive
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Debian Debian Linux 8.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Opensuse Leap 15.0
Fedoraproject Fedora 29
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »