Search CVE reports


Toggle filters

21 – 30 of 79 results


CVE-2018-1000878

Medium priority
Fixed

libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in...

1 affected package

libarchive

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libarchive Fixed Fixed
Show less packages

CVE-2018-1000877

Medium priority
Fixed

libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c,...

1 affected package

libarchive

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libarchive Fixed Fixed
Show less packages

CVE-2018-10860

Medium priority
Fixed

perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive...

1 affected package

libarchive-zip-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libarchive-zip-perl Fixed Fixed
Show less packages

CVE-2017-13816

Medium priority
Ignored

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow...

1 affected package

libarchive

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libarchive Not affected
Show less packages

CVE-2017-13813

Medium priority
Ignored

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow...

1 affected package

libarchive

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libarchive Not affected
Show less packages

CVE-2017-13812

Medium priority
Ignored

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service...

1 affected package

libarchive

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libarchive Not affected
Show less packages

CVE-2017-14503

Low priority

Some fixes available 3 of 5

libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.

1 affected package

libarchive

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libarchive Fixed Fixed
Show less packages

CVE-2017-14502

Negligible priority

Some fixes available 3 of 5

read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.

1 affected package

libarchive

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libarchive Fixed Fixed
Show less packages

CVE-2017-14501

Low priority

Some fixes available 3 of 5

An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.

1 affected package

libarchive

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libarchive Fixed Fixed
Show less packages

CVE-2017-14166

Low priority

Some fixes available 2 of 5

libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in...

1 affected package

libarchive

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libarchive Not affected Fixed
Show less packages