Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libarchive libarchive vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-18408
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive prior to 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.
Libarchive Libarchive
Debian Debian Linux 8.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
5
CVSSv2
CVE-2017-14502
read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.
Libarchive Libarchive 3.3.2
5
CVSSv2
CVE-2017-5601
An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote malicious users to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive.
Libarchive Libarchive 3.2.2
5
CVSSv2
CVE-2016-4809
The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive prior to 3.2.1 allows remote malicious users to cause a denial of service (application crash) via a CPIO archive with a large symlink.
Redhat Enterprise Linux Hpc Node 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server Eus 7.2
Redhat Enterprise Linux Hpc Node Eus 7.2
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Hpc Node 7.0
Redhat Enterprise Linux Server Aus 7.2
Oracle Linux 6
Oracle Linux 7
Libarchive Libarchive
5
CVSSv2
CVE-2013-0211
Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and previous versions, when running on 64-bit machines, allows context-dependent malicious users to cause a denial of service (crash) via unspecified vectors, whi...
Libarchive Libarchive
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Opensuse Opensuse 13.1
Canonical Ubuntu Linux 14.10
Opensuse Opensuse 13.2
Fedoraproject Fedora 17
Fedoraproject Fedora 18
Freebsd Freebsd 9.3
5
CVSSv2
CVE-2013-4668
Directory traversal vulnerability in File Roller 3.6.x prior to 3.6.4, 3.8.x prior to 3.8.3, and 3.9.x prior to 3.9.3, when libarchive is used, allows remote malicious users to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory str...
File Roller Project File Roller
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 13.04
5
CVSSv2
CVE-2008-1927
Double free vulnerability in Perl 5.8.8 allows context-dependent malicious users to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.
Perl Perl 5.8.8
5
CVSSv2
CVE-2006-5680
The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and prior to 2006-11-08 allows context-dependent malicious users to cause a denial of service (CPU consumption) via a malformed archive that causes libarchive to skip a region past the actual end of the archive, which tr...
Freebsd Freebsd 6
4.3
CVSSv2
CVE-2021-36976
libarchive 3.4.1 up to and including 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).
Libarchive Libarchive
Fedoraproject Fedora 35
Apple Macos
Apple Iphone Os
Apple Ipados
Apple Watchos
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
4.3
CVSSv2
CVE-2020-21674
Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote malicious users to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects user...
Libarchive Libarchive 3.4.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2024-5274
CVE-2020-17519
CVE-2024-35340
CVE-2021-47558
local
XML injection
CVE-2021-47519
CVE-2021-47543
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »