Search CVE reports
1 – 10 of 76 results
CVE-2024-37407
Medium priority
Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.
1 affected package
libarchive
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libarchive | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-26256
Medium priority
Libarchive Remote Code Execution Vulnerability
1 affected package
libarchive
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libarchive | Fixed | Fixed | Not affected | Not affected | Not affected |
CVE-2023-30571
Negligible priority
Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with...
1 affected package
libarchive
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libarchive | — | Ignored | Ignored | Ignored | Ignored |
CVE-2022-36227
Low priority
In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE:...
1 affected package
libarchive
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libarchive | Not affected | Vulnerable | Vulnerable | Needs evaluation | Needs evaluation |
CVE-2022-26280
Medium priority
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.
1 affected package
libarchive
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libarchive | — | Fixed | Fixed | Not affected | Not affected |
CVE-2021-31566
Low priority
Some fixes available 2 of 6
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim...
1 affected package
libarchive
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libarchive | Not affected | Not affected | Fixed | Vulnerable | Needs evaluation |
CVE-2021-23177
Low priority
Some fixes available 2 of 6
An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw...
1 affected package
libarchive
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libarchive | Not affected | Not affected | Fixed | Vulnerable | Needs evaluation |
CVE-2021-36976
Medium priority
Some fixes available 3 of 5
libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).
1 affected package
libarchive
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libarchive | — | Fixed | Fixed | Not affected | Not affected |
CVE-2020-21674
Medium priority
Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a...
1 affected package
libarchive
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libarchive | — | — | Not affected | Not affected | Not affected |
CVE-2020-9308
Medium priority
archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact.
1 affected package
libarchive
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libarchive | — | — | — | Not affected | Not affected |