Debian Libarchive vulnerabilities
87 known vulnerabilities affecting debian/libarchive.
Total CVEs: 87
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL 2 | HIGH 30 | MEDIUM 33 | LOW 22
Vulnerabilities
Page 3 of 5
CVE-2017-14501 | MEDIUM | CVSS 6.5 | fixed in libarchive 3.2.2-4.2 (bookworm) | 2017
An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.
Scope: local
bookworm: resolved (fixed in 3.2.2-4.2)
bullseye: resolved (fixed in 3.2.2-4.2)
forky: resolved (fixed in 3.2.2-4.2)
sid: resolved
debian
CVE-2017-14503 | MEDIUM | CVSS 6.5 | fixed in libarchive 3.2.2-4.1 (bookworm) | 2017
libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.
Scope: local
bookworm: resolved (fixed in 3.2.2-4.1)
bullseye: resolved (fixed in 3.2.2-4.1)
forky: resolved (fixed in 3.2.2-4.1)
sid: resolved (fixed in 3.2.2-4.1)
trixie: re
debian
CVE-2016-8689 | HIGH | CVSS 7.5 | fixed in libarchive 3.2.1-5 (bookworm) | 2016
The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.
Scope: local
bookworm: resolved (fixed in 3.2.1-5)
bullseye: resolved (fixed in 3.2.1-5)
forky: resolved (fixed in 3.2.1-5)
sid: resolved (fixe
debian
CVE-2016-4302 | HIGH | CVSS 7.8 | fixed in libarchive 3.2.1-1 (bookworm) | 2016
Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.
Scope: local
bookworm: resolved (fixed in 3.2.1-1)
bullseye: resolved (fixed in 3.2.1-1)
forky: resolved (fixed in 3.2.1-1)
sid: resolved (fixed in 3.2.1
debian
CVE-2016-5418 | HIGH | CVSS 7.5 | fixed in libarchive 3.2.1-4 (bookworm) | 2016
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.
Scope: local
bookworm: resolved (fixed in 3.2.1-4)
bullseye: resolved (fixed in 3.2.1-4)
forky: resolved (fixed in 3.2.1-4)
sid: resolved (fixed in 3.2.1-4)
trixie:
debian
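The entry shape CVE-2016-5418 describes, a hardlink record that also carries a data payload, is something a consumer can audit for before handing an archive to any extractor. The following Python is an added example written for this page; it is not libarchive code and not part of the Debian tracker. It models the plain ustar format rather than libarchive's own sandbox: it hand-builds a small archive (every entry is constructed test data, including the hardlink named etc/passwd that smuggles a payload), then walks it with a parser that always skips an entry's declared payload, bounds-checks every length field, and flags hardlink entries with non-zero size, paths that leave the extraction root, and link targets that resolve outside it. All function and file names are this example's own.

```python
"""Pre-extraction audit of a ustar byte stream (added example, not libarchive
code). Flags entry shapes an extraction sandbox must not trust blindly:
hardlink entries carrying a payload, escaping paths and escaping link targets."""
import posixpath
import tarfile

BLOCK = 512

def ustar_header(name, typeflag, size=0, linkname=""):
    """Build one raw 512-byte ustar header (constructed test data). POSIX checksum:
    sum of header bytes with the chksum field counted as eight spaces."""
    fields = [
        name.encode().ljust(100, b"\0"),       # name
        b"0000644\0",                          # mode
        b"0000000\0", b"0000000\0",            # uid, gid
        f"{size:011o}\0".encode(),             # size, octal
        b"00000000000\0",                      # mtime
        b"        ",                           # chksum placeholder
        typeflag,                              # b"0" file, b"1" hardlink, b"2" symlink
        linkname.encode().ljust(100, b"\0"),   # linkname
        b"ustar\0", b"00",                     # magic, version
        b"\0" * 32, b"\0" * 32,                # uname, gname
        b"0000000\0", b"0000000\0",            # devmajor, devminor
        b"\0" * 155,                           # prefix
    ]
    hdr = b"".join(fields).ljust(BLOCK, b"\0")
    chksum = f"{sum(hdr):06o}\0 ".encode()     # six octal digits, NUL, space
    return hdr[:148] + chksum + hdr[156:]

def header_is_valid(hdr):
    """Cross-check a header with the stdlib parser, which verifies the checksum."""
    try:
        tarfile.TarInfo.frombuf(hdr, "utf-8", "surrogateescape")
        return True
    except tarfile.HeaderError:
        return False

def parse_octal(field):
    """Decode a NUL- or space-terminated octal field; reject anything else."""
    text = field.split(b"\0", 1)[0].strip(b" ")
    if not text or any(c not in b"01234567" for c in text):
        raise ValueError(f"bad numeric field {field!r}")
    return int(text, 8)

def link_escapes(name, target, typeflag):
    """True if a link target resolves outside the archive root. A symlink
    target is relative to the link's directory, a hardlink target to the root."""
    if target.startswith("/"):
        return True
    base = posixpath.dirname(name) if typeflag == b"2" else ""
    resolved = posixpath.normpath(posixpath.join(base, target))
    return resolved == ".." or resolved.startswith("../")

def audit_tar(data):
    """Walk a ustar byte string and return (entries, findings). Payload bytes are
    skipped for every entry regardless of type flag, so a hardlink that smuggles
    data cannot desynchronise the header stream; reads never pass len(data)."""
    entries, findings, off = [], [], 0
    while off + BLOCK <= len(data):
        hdr = data[off:off + BLOCK]
        if hdr == b"\0" * BLOCK:               # end-of-archive marker
            break
        name = hdr[0:100].split(b"\0", 1)[0].decode(errors="replace")
        size = parse_octal(hdr[124:136])
        typeflag = hdr[156:157]
        linkname = hdr[157:257].split(b"\0", 1)[0].decode(errors="replace")
        entries.append((name, typeflag, size))
        if name.startswith("/") or ".." in name.split("/"):
            findings.append((name, "path escapes extraction root"))
        if typeflag == b"1" and size != 0:
            findings.append((name, "hardlink entry carries data"))
        if typeflag in (b"1", b"2") and link_escapes(name, linkname, typeflag):
            findings.append((name, f"link target {linkname!r} escapes root"))
        nxt = off + BLOCK + -(-size // BLOCK) * BLOCK   # header + padded payload
        if nxt > len(data):
            findings.append((name, f"declared size {size} exceeds archive length"))
            break
        off = nxt
    return entries, findings

def build_sample():
    """Constructed sample archive: a benign hardlink, a hardlink that also carries
    a payload (the CVE-2016-5418 shape), a traversal path and an escaping symlink."""
    blk = lambda p: p.ljust(-(-len(p) // BLOCK) * BLOCK, b"\0")
    body, smuggled = b"hello", b"root::0:0:root:/root:/bin/sh\n"
    return b"".join([
        ustar_header("docs/readme.txt", b"0", size=len(body)), blk(body),
        ustar_header("docs/copy.txt", b"1", linkname="docs/readme.txt"),
        ustar_header("etc/passwd", b"1", size=len(smuggled),
                     linkname="docs/readme.txt"), blk(smuggled),
        ustar_header("../escape.sh", b"0"),
        ustar_header("link", b"2", linkname="../../etc"),
        b"\0" * (2 * BLOCK),
    ])
```

Running `audit_tar(build_sample())` reports three findings: the payload-carrying hardlink, the `../escape.sh` path and the symlink whose target leaves the root. The benign hardlink `docs/copy.txt` (size 0) is not flagged, which is the distinction the CVE text draws: a hardlink entry is normal, a hardlink entry with data is the case the sandbox mishandled.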
CVE-2016-8687 | HIGH | CVSS 7.5 | fixed in libarchive 3.2.1-5 (bookworm) | 2016
Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.
Scope: local
bookworm: resolved (fixed in 3.2.1-5)
bullseye: resolved (fixed in 3.2.1-5)
forky: resolved (fixed in 3.2.1-5)
sid: resolved (fixed in 3.2.1-5)
debian
CVE-2016-4809 | HIGH | CVSS 7.5 | fixed in libarchive 3.2.1-1 (bookworm) | 2016
The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.
Scope: local
bookworm: resolved (fixed in 3.2.1-1)
bullseye: resolved (fixed in 3.2.1-1)
forky: resolved (fixed in 3.2.1-1)
sid: resolved
debian
CVE-2016-1541 | HIGH | CVSS 8.8 | fixed in libarchive 3.1.2-11.1 (bookworm) | 2016
Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.
Scope: local
bookworm: resolved (fixed in 3.1.2-11.1)
bullseye: resolved (fixed in 3.1.2-11.1)
forky: resolved (fixed in 3.1.2-11.1)
sid: re
debian
CVE-2016-4301 | HIGH | CVSS 7.8 | fixed in libarchive 3.2.1-1 (bookworm) | 2016
Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.
Scope: local
bookworm: resolved (fixed in 3.2.1-1)
bullseye: resolved (fixed in 3.2.1-1)
forky: resolved (fixed in 3.2.1-1)
sid: resolved (fixed in 3.2.1-1)
trixie: res
debian
CVE-2016-4300 | HIGH | CVSS 7.8 | fixed in libarchive 3.2.1-1 (bookworm) | 2016
Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 3.2.1-1)
bullseye: resolved (fixed in 3.2.1-1)
forky: resolve
debian
CVE-2016-10350 | MEDIUM | CVSS 5.5 | fixed in libarchive 3.2.2-3.1 (bookworm) | 2016
The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
Scope: local
bookworm: resolved (fixed in 3.2.2-3.1)
bullseye: resolved (fixed in 3.2.2-3.1)
forky: resolved (fixed in 3.2.2-3.1)
debian
CVE-2016-5844 | MEDIUM | CVSS 6.5 | fixed in libarchive 3.2.1-1 (bookworm) | 2016
Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.
Scope: local
bookworm: resolved (fixed in 3.2.1-1)
bullseye: resolved (fixed in 3.2.1-1)
forky: resolved (fixed in 3.2.1-1)
sid: resolved (fixed in 3.2.1-1)
trixie: resolved (fixed in 3.2.1-1)
debian
CVE-2016-7166 | MEDIUM | CVSS 5.5 | fixed in libarchive 3.2.0-2 (bookworm) | 2016
libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.
Scope: local
bookworm: resolved (fixed in 3.2.0-2)
bullseye: resolved (fixed in 3.2.0-2)
forky: resolved (fixed in 3.2.0-2)
sid: resolved (fixed in 3.2.0-2)
debian
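CVE-2016-7166 is the unbounded-recursion failure mode: a reader that keeps peeling compression layers for as long as it recognises a compressed stream can be driven into unbounded memory use by an archive that nests gzip inside gzip. The following Python is an added example for this page, not libarchive's code and not a description of how libarchive 3.2.0 implements its limit: it peels nested gzip envelopes but enforces both a nesting cap and a cumulative output budget, with the budget applied inside the decoder via `max_length` rather than after an unbounded buffer has already been allocated. `nest_gzip` builds the constructed test input; the limit values are this example's own choices.

```python
"""Bounded recursive decompression (added example, not libarchive code).
Peels nested gzip envelopes under a nesting cap and a cumulative output
budget, the two limits an archive reader needs against the unbounded
recursive-decompression case CVE-2016-7166 describes."""
import gzip
import zlib

GZIP_MAGIC = b"\x1f\x8b"


class DecompressionLimit(Exception):
    """Raised when nesting depth or output volume exceeds the configured cap."""


def nest_gzip(payload, layers):
    """Constructed test input: wrap payload in `layers` gzip envelopes."""
    data = payload
    for _ in range(layers):
        data = gzip.compress(data)
    return data


def peel(data, max_depth=4, max_out=1 << 20):
    """Return (plaintext, layers_removed).

    Each layer is decoded by a zlib decompressobj called with max_length, so
    the decoder itself stops one byte past the remaining budget instead of
    inflating everything first. The budget is cumulative across layers: a
    chain of small envelopes cannot add up to more than max_out bytes."""
    depth, produced = 0, 0
    while data[:2] == GZIP_MAGIC:
        if depth >= max_depth:
            raise DecompressionLimit(f"nesting exceeds {max_depth} layers")
        decoder = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)  # gzip framing
        budget = max_out - produced
        out = decoder.decompress(data, budget + 1)  # never inflate past budget
        if len(out) > budget:
            raise DecompressionLimit(f"output exceeds {max_out} bytes")
        if not decoder.eof:
            raise ValueError("truncated gzip stream")
        produced += len(out)
        data, depth = out, depth + 1
    return data, depth


def rejected(data, **limits):
    """True if peel() refuses `data` under the given limits."""
    try:
        peel(data, **limits)
    except DecompressionLimit:
        return True
    return False


if __name__ == "__main__":
    print(peel(nest_gzip(b"payload", 3)))            # (b'payload', 3)
    print(rejected(nest_gzip(b"payload", 10)))       # True: nesting cap
    print(rejected(nest_gzip(b"\0" * 100000, 1), max_out=1000))  # True: output cap
```

The depth cap is what the CVE text calls for; the output budget is the companion control, since a single layer that expands enormously is the other way a decompression chain exhausts memory. Both raise a distinct exception so a caller can tell a rejected archive from a corrupt one.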
CVE-2016-10349 | MEDIUM | CVSS 5.5 | fixed in libarchive 3.2.2-3.1 (bookworm) | 2016
The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
Scope: local
bookworm: resolved (fixed in 3.2.2-3.1)
bullseye: resolved (fixed in 3.2.2-3.1)
forky: resolved (fixed in 3.2.2-3.1)
sid: resolved (fixed in 3.2.2-3.1)
debian
CVE-2016-8688 | MEDIUM | CVSS 5.5 | fixed in libarchive 3.2.1-5 (bookworm) | 2016
The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.
Scope: local
bookworm: resolved (fixed in 3.2
debian
CVE-2016-10209 | MEDIUM | CVSS 5.5 | fixed in libarchive 3.2.2-3.1 (bookworm) | 2016
The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.
Scope: local
bookworm: resolved (fixed in 3.2.2-3.1)
bullseye: resolved (fixed in 3.2.2-3.1)
forky: resolved (fixed in 3.2.2-3.1)
sid: resolved (fix
debian
CVE-2016-6250 | HIGH | CVSS 8.6 | fixed in libarchive 3.2.1-1 (bookworm) | 2016
Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.
Scope: local
bookworm: resolved (fixed in 3.2.1-1)
bullseye: resolved (fixed in 3.2.1-
debian
CVE-2015-8930 | HIGH | CVSS 7.5 | fixed in libarchive 3.2.0-2 (bookworm) | 2015
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.
Scope: local
bookworm: resolved (fixed in 3.2.0-2)
bullseye: resolved (fixed in 3.2.0-2)
forky: resolved (fixed in 3.2.0-2)
sid: resolved (fixed in 3.2.0-2)
trixie: resolved (fixed in 3.2.0-2)
debian
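The infinite loop in CVE-2015-8930 comes from a directory record that points back at its own extent (or an ancestor's), so a walker that follows records without remembering where it has been never terminates. The following Python is an added example for this page, not libarchive's ISO reader: it models an ISO9660-style directory tree as a mapping from extent number to directory records, skips the self and parent records a real reader skips, and refuses to descend into any directory whose extent is already on the current path, with a depth cap as a second guard. The directory graph in `sample_image` is constructed, not taken from a real image, and the function names are this example's own.

```python
"""Cycle-safe directory walk for an ISO9660-style tree (added example, not
libarchive code). Directory records point at extents; a crafted image can make
a record point back at its own extent or an ancestor's, the "directory that is
a member of itself" loop CVE-2015-8930 describes. The walker treats an extent
already on the current path as a cycle and reports it instead of following it."""


def walk_directory_graph(dirs, root_extent, max_depth=64):
    """Return (paths, findings) for a directory graph.

    `dirs` maps a directory's extent to its records as (name, is_dir, extent)
    tuples. The two leading ISO9660 records, identifier 0x00 (self) and 0x01
    (parent), are skipped as a real reader would. The ancestor set on each
    stack frame guards against cycles; max_depth bounds the walk for acyclic
    but absurdly deep trees. Iterative, so no recursion limit is involved."""
    paths, findings = [], []
    stack = [("", root_extent, 0, frozenset({root_extent}))]
    while stack:
        prefix, extent, depth, ancestors = stack.pop()
        for name, is_dir, child in dirs.get(extent, []):
            if name in ("\x00", "\x01"):      # self / parent records
                continue
            path = f"{prefix}/{name}"
            paths.append(path)
            if not is_dir:
                continue
            if child in ancestors:
                findings.append((path, f"extent {child} is already an ancestor"))
                continue
            if depth + 1 > max_depth:
                findings.append((path, f"depth exceeds {max_depth}"))
                continue
            stack.append((path, child, depth + 1, ancestors | {child}))
    return paths, findings


def sample_image():
    """Constructed directory graph (not a real ISO). Extent 18 is the root;
    BOOT/LOOP points back at BOOT's own extent and BOOT/GRUB/UP points at the
    root, so both are cycles a naive recursive reader would follow forever."""
    return {
        18: [("\x00", True, 18), ("\x01", True, 18),
             ("BOOT", True, 20), ("README.TXT", False, 30)],
        20: [("\x00", True, 20), ("\x01", True, 18),
             ("LOOP", True, 20), ("GRUB", True, 22)],
        22: [("\x00", True, 22), ("\x01", True, 20), ("UP", True, 18)],
    }


if __name__ == "__main__":
    paths, findings = walk_directory_graph(sample_image(), 18)
    print(paths)
    for finding in findings:
        print("cycle:", *finding)
```

The ancestor set only catches true cycles; a directory extent that is reachable twice through different siblings (an aliased directory, not a loop) is still walked twice. A reader that also needs to bound total work would add a global visited set keyed by extent on top of this.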
CVE-2015-8931 | HIGH | CVSS 7.8 | fixed in libarchive 3.2.0-2 (bookworm) | 2015
Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.
Scope: local
bookworm: resolved (fixed in 3.2.0-2)
bullseye: resolved (fixed in 3.2.0-2)
forky: resolved
debian
CVE-2015-8919 | HIGH | CVSS 7.5 | fixed in libarchive 3.2.0-2 (bookworm) | 2015
The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.
Scope: local
bookworm: resolved (fixed in 3.2.0-2)
bullseye: resolved (fixed in 3.2.0-2)
forky: resolved (fixed in 3.2.0-2)
sid: resolved (fixed in
debian