CVE-2019-19221

Published: 21 November 2019

In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.

Priority

Low

CVSS 3 base score: 5.5

Status

Package: libarchive

Release status:
bionic: Released (3.2.2-3.1ubuntu0.6)
disco: Ignored (reached end-of-life)
eoan: Released (3.4.0-1ubuntu0.1)
focal: Released (3.4.0-1ubuntu2)
groovy: Released (3.4.0-1ubuntu2)
hirsute: Released (3.4.0-1ubuntu2)
impish: Released (3.4.0-1ubuntu2)
jammy: Released (3.4.0-1ubuntu2)
precise: Does not exist
trusty: Needed
upstream: Needs triage
xenial: Released (3.1.2-11ubuntu0.16.04.8)

Patches:
upstream: https://github.com/libarchive/libarchive/commit/22b1db9d46654afc6f0c28f90af8cdc84a199f41