CVE-2015-8921

Published: 31 December 2015

The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.

Priority

CVSS 3 base score: 7.5

Status

Package	Release	Status
libarchive Launchpad, Ubuntu, Debian	upstream	Released (3.2.0-2)
	precise	Released (3.0.3-6ubuntu1.3)
	trusty	Released (3.1.2-7ubuntu2.3)
	wily	Released (3.1.2-11ubuntu0.15.10.2)
	xenial	Released (3.1.2-11ubuntu0.16.04.2)
	Patches: upstream: https://github.com/libarchive/libarchive/commit/1cbc76faffb79a99c6009a1816736f73b4a3632a upstream: https://github.com/libarchive/libarchive/commit/05a875fdb876e7a2f56a2937f756927cbed919e0 upstream: https://github.com/libarchive/libarchive/commit/90632371f89d1390bf71dd31ae1c842b9110bea2 upstream: https://github.com/libarchive/libarchive/commit/c600d11f2c1645f6f6965592659d386436f4d6db

References

Bugs

https://github.com/libarchive/libarchive/issues/512

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›