Libarchive: >> Libarchive >> 3.0.1b Security Vulnerabilities
The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy."
CVSS Score
7.5
EPSS Score
0.026
Published
2016-09-20
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file.
CVSS Score
7.5
EPSS Score
0.066
Published
2016-09-20
bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file.
CVSS Score
6.5
EPSS Score
0.009
Published
2016-09-20
bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file.
CVSS Score
5.5
EPSS Score
0.004
Published
2016-09-20
Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.
CVSS Score
8.8
EPSS Score
0.093
Published
2016-05-07
Page 5