Published: 03/04/2017 Updated: 28/12/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libarchive libarchive 3.2.2

Several security issues were fixed in libarchive ...

Multiple security issues were found in libarchive, a multi-format archive and compression library: Processing malformed RAR archives could result in denial of service or the execution of arbitrary code and malformed WARC, LHarc, ISO, Xar or CAB archives could result in denial of service For the stable distribution (stretch), these problems have be ...

Debian Bug report logs - #916963 libarchive: CVE-2018-1000878 Package: src:libarchive; Maintainer for src:libarchive is Peter Pentchev <roam@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 20 Dec 2018 20:42:02 UTC Severity: grave Tags: security, upstream Found in versions libarchive/32 ...

Debian Bug report logs - #874539 libarchive: CVE-2017-14166: heap-based buffer overflow in xml_data (archive_read_support_format_xarc) Package: src:libarchive; Maintainer for src:libarchive is Peter Pentchev <roam@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 7 Sep 2017 06:03:02 UTC ...

Debian Bug report logs - #916960 libarchive: CVE-2018-1000880 Package: src:libarchive; Maintainer for src:libarchive is Peter Pentchev <roam@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 20 Dec 2018 20:27:01 UTC Severity: important Tags: security, upstream Found in versions libarchive ...

Debian Bug report logs - #916964 libarchive: CVE-2018-1000877 Package: src:libarchive; Maintainer for src:libarchive is Peter Pentchev <roam@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 20 Dec 2018 20:48:02 UTC Severity: important Tags: security, upstream Found in versions libarchive ...

Debian Bug report logs - #861609 libarchive: CVE-2016-10349 CVE-2016-10350 Package: src:libarchive; Maintainer for src:libarchive is Peter Pentchev <roam@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 1 May 2017 13:21:02 UTC Severity: important Tags: patch, security, upstream Found in ...

Debian Bug report logs - #859456 libarchive: CVE-2016-10209 Package: src:libarchive; Maintainer for src:libarchive is Peter Pentchev <roam@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 3 Apr 2017 19:09:01 UTC Severity: important Tags: fixed-upstream, patch, security, upstream Found i ...

The archive_wstring_append_from_mbs function in archive_stringc in libarchive 322 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file ...

CWE-476 https://github.com/libarchive/libarchive/issues/842 http://www.securityfocus.com/bid/97327 https://usn.ubuntu.com/3736-1/https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html https://www.debian.org/security/2018/dsa-4360 https://usn.ubuntu.com/3736-1/https://nvd.nist.gov

Get Started

CVE-2016-10209

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect