Libarchive CVEs and Security Vulnerabilities

Filtered by vendor Libarchive Subscriptions

Filtered by product Libarchive Subscriptions

Search

Switch to Advanced Search (Beta)

Total 73 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2017-14503	2 Libarchive, Redhat	2 Libarchive, Enterprise Linux	2025-04-20	N/A
libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.
CVE-2017-14502	2 Libarchive, Redhat	2 Libarchive, Enterprise Linux	2025-04-20	7.5 High
read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.
CVE-2016-8688	2 Libarchive, Opensuse	2 Libarchive, Leap	2025-04-20	N/A
The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.
CVE-2016-10350	1 Libarchive	1 Libarchive	2025-04-20	N/A
The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2016-8687	2 Libarchive, Opensuse	2 Libarchive, Leap	2025-04-20	N/A
Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.
CVE-2024-48615	1 Libarchive	1 Libarchive	2025-04-14	7.5 High
Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at rchive_read_support_format_tar.c:1844:8.
CVE-2015-8918	2 Libarchive, Novell	4 Libarchive, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 1 more	2025-04-12	N/A
The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy."
CVE-2016-6250	3 Libarchive, Oracle, Redhat	3 Libarchive, Linux, Enterprise Linux	2025-04-12	N/A
Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.
CVE-2016-7166	3 Libarchive, Oracle, Redhat	10 Libarchive, Linux, Enterprise Linux and 7 more	2025-04-12	N/A
libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.
CVE-2016-1541	2 Libarchive, Redhat	2 Libarchive, Enterprise Linux	2025-04-12	N/A
Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.
CVE-2015-8916	4 Canonical, Debian, Libarchive and 1 more	4 Ubuntu Linux, Debian Linux, Libarchive and 1 more	2025-04-12	N/A
bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file.
CVE-2015-8932	5 Canonical, Debian, Libarchive and 2 more	7 Ubuntu Linux, Debian Linux, Libarchive and 4 more	2025-04-12	N/A
The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.
CVE-2015-8930	4 Canonical, Libarchive, Redhat and 1 more	6 Ubuntu Linux, Libarchive, Enterprise Linux and 3 more	2025-04-12	N/A
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.
CVE-2015-2304	3 Canonical, Libarchive, Opensuse	3 Ubuntu Linux, Libarchive, Opensuse	2025-04-12	N/A
Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.
CVE-2015-8915	1 Libarchive	1 Libarchive	2025-04-12	N/A
bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file.
CVE-2016-4809	3 Libarchive, Oracle, Redhat	10 Libarchive, Linux, Enterprise Linux and 7 more	2025-04-12	N/A
The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.
CVE-2016-4300	2 Libarchive, Redhat	9 Libarchive, Enterprise Linux, Enterprise Linux Desktop and 6 more	2025-04-12	N/A
Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.
CVE-2016-4301	1 Libarchive	1 Libarchive	2025-04-12	N/A
Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.
CVE-2016-4302	2 Libarchive, Redhat	9 Libarchive, Enterprise Linux, Enterprise Linux Desktop and 6 more	2025-04-12	N/A
Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.
CVE-2015-8929	2 Libarchive, Suse	4 Libarchive, Linux Enterprise Desktop, Linux Enterprise Server and 1 more	2025-04-12	N/A
Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.

« first previous Page 2 of 4. next last »