CVE-2019-1000019

Published: 4 February 2019

libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.

Priority

Low

CVSS 3 Severity Score

6.5

Status

Package: libarchive (Launchpad, Ubuntu, Debian)

Release   Status
upstream  Needs triage
trusty    Released (3.1.2-7ubuntu2.8)
xenial    Released (3.1.2-11ubuntu0.16.04.6)
bionic    Released (3.2.2-3.1ubuntu0.3)
cosmic    Released (3.2.2-5ubuntu0.2)

Patches:
upstream: https://github.com/libarchive/libarchive/commit/65a23f5dbee4497064e9bb467f81138a62b0dae1

Severity score breakdown

Parameter Value
Base score 6.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H