Libarchive: >> Libarchive >> 3.1.1 Security Vulnerabilities
bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file.
CVSS Score
6.5
EPSS Score
0.009
Published
2016-09-20
bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file.
CVSS Score
5.5
EPSS Score
0.004
Published
2016-09-20
Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.
CVSS Score
8.8
EPSS Score
0.116
Published
2016-05-07
Page 5