Debian Libarchive vulnerabilities
87 known vulnerabilities affecting debian/libarchive.
Total CVEs: 87
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 30, MEDIUM 33, LOW 22
Vulnerabilities
Page 4 of 5
CVE-2015-8917 | HIGH | CVSS 7.5 | fixed in libarchive 3.2.0-2 (bookworm) | 2015
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file.
Scope: local
bookworm: resolved (fixed in 3.2.0-2)
bullseye: resolved (fixed in 3.2.0-2)
forky: resolved (fixed in 3.2.0-2)
sid: resolved (fixed in 3.2.0-2)
trixie: resolved (fixed in 3.2.0-2
debian
CVE-2015-8921 | HIGH | CVSS 7.5 | fixed in libarchive 3.2.0-2 (bookworm) | 2015
The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
Scope: local
bookworm: resolved (fixed in 3.2.0-2)
bullseye: resolved (fixed in 3.2.0-2)
forky: resolved (fixed in 3.2.0-2)
sid: resolved (fixed in 3.2.0-2)
trixie: resolved (fixed in 3.2.0-2)
debian
CVE-2015-8928 | MEDIUM | CVSS 5.5 | fixed in libarchive 3.2.0-2 (bookworm) | 2015
The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
Scope: local
bookworm: resolved (fixed in 3.2.0-2)
bullseye: resolved (fixed in 3.2.0-2)
forky: resolved (fixed in 3.2.0-2)
sid: resolved (fixed in 3.2.0-2)
trixie: res
debian
CVE-2015-8933 | MEDIUM | CVSS 5.5 | fixed in libarchive 3.2.0-2 (bookworm) | 2015
Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.
Scope: local
bookworm: resolved (fixed in 3.2.0-2)
bullseye: resolved (fixed in 3.2.0-2)
forky: resolved (fixed in 3.2.0-2)
sid: resolved (fixed in 3.2.0-
debian
CVE-2015-8923 | MEDIUM | CVSS 6.5 | fixed in libarchive 3.2.0-2 (bookworm) | 2015
The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.
Scope: local
bookworm: resolved (fixed in 3.2.0-2)
bullseye: resolved (fixed in 3.2.0-2)
forky: resolved (fixed in 3.2.0-2)
sid: resolved (fixed in 3.2.0-2)
trixie: r
debian
CVE-2015-8922 | MEDIUM | CVSS 5.5 | fixed in libarchive 3.2.0-2 (bookworm) | 2015
The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.
Scope: local
bookworm: resolved (fixed in 3.2.0-2)
bullseye: resolved (fixed in 3.2.0-2)
forky: resolved (fixed in 3.2.0-2)
debian
CVE-2015-8926 | MEDIUM | CVSS 5.5 | fixed in libarchive 3.2.0-2 (bookworm) | 2015
The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.
Scope: local
bookworm: resolved (fixed in 3.2.0-2)
bullseye: resolved (fixed in 3.2.0-2)
forky: resolved (fixed in 3.2.0-2)
sid: resolved (fixed in 3.2.0-2)
trixie: r
debian
CVE-2015-2304 | MEDIUM | CVSS 6.4 | fixed in libarchive 3.1.2-11 (bookworm) | 2015
Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.
Scope: local
bookworm: resolved (fixed in 3.1.2-11)
bullseye: resolved (fixed in 3.1.2-11)
forky: resolved (fixed in 3.1.2-11)
sid: resolved (fixed in 3.1.2-11)
trixie: resolved (fixed in 3.1.2-11)
debian
CVE-2015-8916 | MEDIUM | CVSS 6.5 | fixed in libarchive 3.2.0-2 (bookworm) | 2015
bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file.
Scope: local
bookworm: resolved (fixed in 3.2.0-2)
bullseye: resolved (fixed in 3.2.0-2)
forky: resolved (fi
debian
CVE-2015-8925 | MEDIUM | CVSS 5.5 | fixed in libarchive 3.2.0-2 (bookworm) | 2015
The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.
Scope: local
bookworm: resolved (fixed in 3.2.0-2)
bullseye: resolved (fixed in 3.2.0-2)
forky: resolved (fixed in 3.2.0-2)
sid: resolved (fixed in 3.2.0-2
debian
CVE-2015-8932 | MEDIUM | CVSS 5.5 | fixed in libarchive 3.2.0-2 (bookworm) | 2015
The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.
Scope: local
bookworm: resolved (fixed in 3.2.0-2)
bullseye: resolved (fixed in 3.2.0-2)
forky: resolved (fixed in 3.2.0-2)
sid: resolved (
debian
CVE-2015-8927 | MEDIUM | CVSS 5.5 | fixed in libarchive 3.2.0-2 (bookworm) | 2015
The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted zip file, related to reading the password.
Scope: local
bookworm: resolved (fixed in 3.2.0-2)
bullseye: resolved (fixed in 3.2.0-2)
forky: resolved (fixed in 3.2
debian
CVE-2015-8924 | MEDIUM | CVSS 5.5 | fixed in libarchive 3.2.0-2 (bookworm) | 2015
The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.
Scope: local
bookworm: resolved (fixed in 3.2.0-2)
bullseye: resolved (fixed in 3.2.0-2)
forky: resolved (fixed in 3.2.0-2)
sid: resolved (fixed in 3.2.0-
debian
CVE-2015-8920 | MEDIUM | CVSS 5.5 | fixed in libarchive 3.2.0-2 (bookworm) | 2015
The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.
Scope: local
bookworm: resolved (fixed in 3.2.0-2)
bullseye: resolved (fixed in 3.2.0-2)
forky: resolved (fixed in 3.2.0-2)
sid: resolved (fixed in 3.2.0-2)
trixie: resol
debian
CVE-2015-8929 | MEDIUM | CVSS 5.5 | fixed in libarchive 3.2.0-2 (bookworm) | 2015
Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.
Scope: local
bookworm: resolved (fixed in 3.2.0-2)
bullseye: resolved (fixed in 3.2.0-2)
forky: resolved (fixed in 3.2.0-2)
sid: resolved (fixed in 3.2.0-2)
trixie: resolved (fixed in 3.2
debian
CVE-2015-8934 | MEDIUM | CVSS 5.5 | fixed in libarchive 3.2.1-1 (bookworm) | 2015
The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.
Scope: local
bookworm: resolved (fixed in 3.2.1-1)
bullseye: resolved (fixed in 3.2.1-1)
forky: resolved (fixed in 3.2.1-1)
sid: resolved (fixed in 3.2.1-1)
t
debian
CVE-2015-8915 | LOW | CVSS 5.5 | fixed in libarchive 3.2.0-2 (bookworm) | 2015
CVE-2015-8915 [MEDIUM] CVE-2015-8915: libarchive - bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of ...
bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via a crafted cpio file.
Scope: local
bookworm: resolved (fixed in 3.2.0-2)
bullseye: resolved (fixed in 3.2.0-2)
forky: resolved (fixed in 3.2.0-2)
sid: resolved (fixed in 3.2.0-2)
trixie: resolved (fixed in 3.2.0-2)
debian
CVE-2015-8918 | LOW | CVSS 7.5 | 2015
CVE-2015-8918 [HIGH] CVE-2015-8918: libarchive - The archive_string_append function in archive_string.c in libarchive before 3.2....
The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via crafted cab files, related to "overlapping memcpy."
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2013-0211 | MEDIUM | CVSS 5.0 | fixed in libarchive 3.0.4-3 (bookworm) | 2013
Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.
S
debian
CVE-2011-1779 | HIGH | CVSS 7.5 | fixed in libarchive 3.0.4-2 (bookworm) | 2011
Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted (1) TAR archive or (2) ISO9660 image.
Scope: local
bookworm: resolved (fixed in 3.0.4-2)
bullseye: resolved (fixed in 3.0.4-2)
forky: resolved (fixed in 3.0.4-2)
sid: re
debian