CVE-2016-5844

CWE-190 Integer Overflow | 10 documents | 8 sources
Severity: 6.5 MEDIUM
EPSS: 1.5% (top 19.02%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 21
Latest update: May 13

Description

Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (8 packages)

Debian libarchive < 3.2.1-1+3
NVD oracle/linux 6, 7+1
NVD oracle/solaris 11.3

Also affects: Enterprise Linux 7.2

Patches

🔴 Vulnerability Details (4)

GHSA: GHSA-x263-jxrf-c484: Integer overflow in the ISO parser in libarchive before 3 (2022-05-13)
CVEList: CVE-2016-5844: Integer overflow in the ISO parser in libarchive before 3 (2016-09-21)
OSV: CVE-2016-5844: Integer overflow in the ISO parser in libarchive before 3 (2016-09-21)
OSV: libarchive vulnerabilities (2016-07-14)

📋 Vendor Advisories (3)

Ubuntu: libarchive vulnerabilities (2016-07-14)
Red Hat: libarchive: undefined behaviour (integer overflow) in iso parser (2016-06-24)
Debian: CVE-2016-5844: libarchive - Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote atta... (2016)

💬 Community (2)

Bugzilla: CVE-2015-8920 CVE-2015-8921 CVE-2015-8932 CVE-2015-8933 CVE-2016-4809 CVE-2016-5844 CVE-2016-7166 libarchive: various flaws [epel-5] (2016-07-05)
Bugzilla: CVE-2016-5844 libarchive: undefined behaviour (integer overflow) in iso parser (2016-06-26)