CVE-2015-8922

CWE-476NULL Pointer DereferenceCWE-2289 documents8 sources
Severity
5.5MEDIUM
EPSS
0.4%
top 40.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Libarchive LibarchiveCanonical Ubuntu LinuxNovell Suse Linux Enterprise Desktop+3 more
Timeline
PublishedSep 20
Latest updateMay 13

Description

The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

Debianlibarchive< 3.2.0-2+3
Ubuntulibarchive< 3.1.2-7ubuntu2.3+1
NVDlibarchive/libarchive3.1.901a

Also affects: Ubuntu Linux 12.04, 14.04, 15.10, 16.04

🔴Vulnerability Details

4
GHSA
GHSA-jp54-pqvh-vcwq: The read_CodersInfo function in archive_read_support_format_7zip2022-05-13
OSV
CVE-2015-8922: The read_CodersInfo function in archive_read_support_format_7zip2016-09-20
CVEList
CVE-2015-8922: The read_CodersInfo function in archive_read_support_format_7zip2016-09-20
OSV
libarchive vulnerabilities2016-07-14

📋Vendor Advisories

3
Ubuntu
libarchive vulnerabilities2016-07-14
Red Hat
libarchive: NULL pointer access in 7z parser2016-06-17
Debian
CVE-2015-8922: libarchive - The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive...2015

💬Community

1
Bugzilla
CVE-2015-8922 libarchive: NULL pointer access in 7z parser2016-06-21