Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Libarchive Subscribe
Total 65 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-37407 1 Libarchive 1 Libarchive 2025-04-29 N/A 9.1 CRITICAL
Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.
CVE-2017-5601 1 Libarchive 1 Libarchive 2025-04-20 5.0 MEDIUM 7.5 HIGH
An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive.
CVE-2017-14166 3 Canonical, Debian, Libarchive 3 Ubuntu Linux, Debian Linux, Libarchive 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.
CVE-2016-10350 1 Libarchive 1 Libarchive 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2017-14502 1 Libarchive 1 Libarchive 2025-04-20 5.0 MEDIUM 7.5 HIGH
read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.
CVE-2016-10209 1 Libarchive 1 Libarchive 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.
CVE-2016-8688 2 Libarchive, Opensuse 2 Libarchive, Leap 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.
CVE-2016-10349 1 Libarchive 1 Libarchive 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2016-8687 2 Libarchive, Opensuse 2 Libarchive, Leap 2025-04-20 5.0 MEDIUM 7.5 HIGH
Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.
CVE-2017-14503 1 Libarchive 1 Libarchive 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.
CVE-2017-14501 1 Libarchive 1 Libarchive 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.
CVE-2016-8689 2 Libarchive, Opensuse 2 Libarchive, Leap 2025-04-20 5.0 MEDIUM 7.5 HIGH
The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.
CVE-2024-48615 1 Libarchive 1 Libarchive 2025-04-14 N/A 7.5 HIGH
Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at rchive_read_support_format_tar.c:1844:8.
CVE-2015-8927 1 Libarchive 1 Libarchive 2025-04-12 4.3 MEDIUM 5.5 MEDIUM
The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted zip file, related to reading the password.
CVE-2015-8915 1 Libarchive 1 Libarchive 2025-04-12 4.3 MEDIUM 5.5 MEDIUM
bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file.
CVE-2015-8923 3 Canonical, Libarchive, Novell 5 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 2 more 2025-04-12 4.3 MEDIUM 6.5 MEDIUM
The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.
CVE-2016-4300 2 Libarchive, Redhat 8 Libarchive, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 5 more 2025-04-12 6.8 MEDIUM 7.8 HIGH
Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.
CVE-2015-8916 3 Canonical, Debian, Libarchive 3 Ubuntu Linux, Debian Linux, Libarchive 2025-04-12 4.3 MEDIUM 6.5 MEDIUM
bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file.
CVE-2015-8926 3 Canonical, Libarchive, Suse 5 Ubuntu Linux, Libarchive, Linux Enterprise Desktop and 2 more 2025-04-12 4.3 MEDIUM 5.5 MEDIUM
The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.
CVE-2016-6250 2 Libarchive, Oracle 2 Libarchive, Linux 2025-04-12 7.5 HIGH 8.6 HIGH
Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.