Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2022-26280

Published: 28 March 2022

Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
libarchive
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal
Released (3.4.0-2ubuntu1.2)
impish
Released (3.4.3-2ubuntu0.2)
jammy
Released (3.6.0-1ubuntu1)
trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Not vulnerable
(code not present)
Patches:
upstream: https://github.com/libarchive/libarchive/commit/cfaa28168a07ea4a53276b63068f94fce37d6aff