CVE-2011-1779

Published: 13 April 2012

Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted (1) TAR archive or (2) ISO9660 image.

Notes

Author	Note
mdeslaur	code is different in 2.8.x

Priority

Status

Package	Release	Status
libarchive Launchpad, Ubuntu, Debian	hardy	Ignored (end of life)
	lucid	Not vulnerable (code not present)
	maverick	Not vulnerable (code not present)
	natty	Not vulnerable (code not present)
	oneiric	Not vulnerable (code not present)
	upstream	Needs triage
	Patches: upstream: http://code.google.com/p/libarchive/source/detail?r=3038

References

https://www.cve.org/CVERecord?id=CVE-2011-1779
NVD
Launchpad
Debian

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=705849

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›