libarchive 3.3.2 allows remote malicious users to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
libarchive libarchive 3.3.2 |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 14.04 |