CVE-2016-1541

Published: 07 May 2016

Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package: libarchive

Release: Status
Upstream: Released (3.2.0)
Ubuntu 16.04 LTS (Xenial Xerus): Released (3.1.2-11ubuntu0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr): Released (3.1.2-7ubuntu2.2)
Patches:
Upstream: https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7