CVE-2019-1000019

Published: 04/02/2019 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.

Vulnerable Product

libarchive libarchive

debian debian linux 8.0

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server 7.0

opensuse leap 15.0

fedoraproject fedora 28

fedoraproject fedora 29

Vendor Advisories

Several security issues were fixed in libarchive ...
Synopsis: Moderate: libarchive security update. Type/Severity: Security Advisory: Moderate. Topic: An update for libarchive is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base sco ...
Synopsis: Moderate: libarchive security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for libarchive is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CV ...
libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16 (CVE-2017-14503). libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability ...
libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16 (CVE-2017-14503). libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415 Double Free vulnerability i ...
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially cr ...
libarchive version >=v3.0.2 contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file ...