Severity
8.6 HIGH
EPSS
1.7%
top 17.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 21
Latest update: May 13

Description

Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Exploitability: 3.9 | Impact: 4.7

Affected Packages (3 packages)

Debian libarchive < 3.2.1-1+3

Patches

🔴 Vulnerability Details (4)
GHSA
GHSA-m79p-4p7w-x53w: Integer overflow in the ISO9660 writer in libarchive before 3 (2022-05-13)
OSV
libarchive vulnerabilities (2017-03-09)
CVEList
CVE-2016-6250: Integer overflow in the ISO9660 writer in libarchive before 3 (2016-09-21)
OSV
CVE-2016-6250: Integer overflow in the ISO9660 writer in libarchive before 3 (2016-09-21)

📋 Vendor Advisories (3)
Ubuntu
libarchive vulnerabilities (2017-03-09)
Red Hat
libarchive: Buffer overflow when writing large iso9660 containers (2016-05-29)
Debian
CVE-2016-6250: libarchive - Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote ... (2016)

💬 Community (5)
Bugzilla
CVE-2016-6250 libarchive3: libarchive: Integer overflow when verifying filename size [epel-6] (2016-07-20)
Bugzilla
CVE-2016-6250 mingw-libarchive: libarchive: Integer overflow when verifying filename size [fedora-all] (2016-07-20)
Bugzilla
CVE-2016-6250 libarchive: Integer overflow when verifying filename size [fedora-all] (2016-07-20)
Bugzilla
CVE-2016-6250 libarchive: Integer overflow when verifying filename size [epel-5] (2016-07-20)
Bugzilla
CVE-2016-6250 libarchive: Buffer overflow when writing large iso9660 containers (2016-06-16)
CVE-2016-6250 (HIGH CVSS 8.6) | Integer overflow in the ISO9660 wri | cvebase.io