Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2019-11463

Published: 23 April 2019

A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
libarchive
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
cosmic Ignored
(reached end-of-life)
disco Not vulnerable
(code not present)
eoan Not vulnerable
(code not present)
precise Does not exist

trusty Not vulnerable
(code not present)
upstream Not vulnerable
(debian: Vulnerable code not present)
xenial Not vulnerable
(code not present)