
CVE-2019-19221

Published: 21 November 2019

In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.

Priority

Low

CVSS 3 base score: 5.5

Status

Package: libarchive (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Needs triage
Ubuntu 21.10 (Impish Indri): Released (3.4.0-1ubuntu2)
Ubuntu 21.04 (Hirsute Hippo): Released (3.4.0-1ubuntu2)
Ubuntu 20.04 LTS (Focal Fossa): Released (3.4.0-1ubuntu2)
Ubuntu 18.04 LTS (Bionic Beaver): Released (3.2.2-3.1ubuntu0.6)
Ubuntu 16.04 ESM (Xenial Xerus): Released (3.1.2-11ubuntu0.16.04.8)
Ubuntu 14.04 ESM (Trusty Tahr): Needed

Patches:
Upstream: https://github.com/libarchive/libarchive/commit/22b1db9d46654afc6f0c28f90af8cdc84a199f41