Libarchive - Libarchive CVE

Filtered by vendor Libarchive Subscriptions

Filtered by product Libarchive Subscriptions

Total 73 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2017-14503	2 Libarchive, Redhat	2 Libarchive, Enterprise Linux	2025-04-20	N/A
libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.
CVE-2016-10209	1 Libarchive	1 Libarchive	2025-04-20	N/A
The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.
CVE-2016-8688	2 Libarchive, Opensuse	2 Libarchive, Leap	2025-04-20	N/A
The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.
CVE-2017-14501	2 Libarchive, Redhat	2 Libarchive, Enterprise Linux	2025-04-20	N/A
An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.
CVE-2016-10349	1 Libarchive	1 Libarchive	2025-04-20	N/A
The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2024-48615	1 Libarchive	1 Libarchive	2025-04-14	7.5 High
Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at rchive_read_support_format_tar.c:1844:8.
CVE-2015-8923	4 Canonical, Libarchive, Novell and 1 more	6 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 3 more	2025-04-12	N/A
The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.
CVE-2016-6250	3 Libarchive, Oracle, Redhat	3 Libarchive, Linux, Enterprise Linux	2025-04-12	N/A
Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.
CVE-2016-4300	2 Libarchive, Redhat	9 Libarchive, Enterprise Linux, Enterprise Linux Desktop and 6 more	2025-04-12	N/A
Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.
CVE-2016-4301	1 Libarchive	1 Libarchive	2025-04-12	N/A
Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.
CVE-2015-8927	1 Libarchive	1 Libarchive	2025-04-12	N/A
The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted zip file, related to reading the password.
CVE-2015-8928	4 Canonical, Libarchive, Redhat and 1 more	6 Ubuntu Linux, Libarchive, Enterprise Linux and 3 more	2025-04-12	N/A
The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
CVE-2015-8929	2 Libarchive, Suse	4 Libarchive, Linux Enterprise Desktop, Linux Enterprise Server and 1 more	2025-04-12	N/A
Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.
CVE-2015-8931	5 Canonical, Debian, Libarchive and 2 more	7 Ubuntu Linux, Debian Linux, Libarchive and 4 more	2025-04-12	N/A
Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.
CVE-2015-8919	4 Canonical, Libarchive, Novell and 1 more	6 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 3 more	2025-04-12	N/A
The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.
CVE-2015-8925	4 Canonical, Libarchive, Redhat and 1 more	6 Ubuntu Linux, Libarchive, Enterprise Linux and 3 more	2025-04-12	N/A
The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.
CVE-2015-8915	1 Libarchive	1 Libarchive	2025-04-12	N/A
bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file.
CVE-2015-8917	4 Canonical, Debian, Libarchive and 1 more	4 Ubuntu Linux, Debian Linux, Libarchive and 1 more	2025-04-12	N/A
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file.
CVE-2015-8918	2 Libarchive, Novell	4 Libarchive, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 1 more	2025-04-12	N/A
The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy."
CVE-2015-8920	4 Canonical, Libarchive, Novell and 1 more	6 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 3 more	2025-04-12	N/A
The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.

« first previous Page 2 of 4. next last »