Vulnerabilities > Libarchive

DATE CVE VULNERABILITY TITLE RISK
2024-10-10 CVE-2024-48957 Out-of-bounds Read vulnerability in Libarchive
execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.
local
low complexity
libarchive CWE-125
7.8
2024-10-10 CVE-2024-48958 Out-of-bounds Read vulnerability in Libarchive
execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.
local
low complexity
libarchive CWE-125
7.8
2024-06-08 CVE-2024-37407 Out-of-bounds Read vulnerability in Libarchive
Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled.
network
low complexity
libarchive CWE-125
critical
9.1
2023-05-29 CVE-2023-30571 Race Condition vulnerability in Libarchive
Libarchive through 3.6.2 can cause directories to have world-writable permissions.
local
high complexity
libarchive CWE-362
5.3
2022-11-22 CVE-2022-36227 NULL Pointer Dereference vulnerability in multiple products
In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.
network
low complexity
libarchive debian fedoraproject splunk CWE-476
critical
9.8
2022-08-23 CVE-2021-23177 An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link.
local
low complexity
libarchive fedoraproject redhat debian
7.8
2022-08-23 CVE-2021-31566 An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. 7.8
2022-03-28 CVE-2022-26280 Out-of-bounds Read vulnerability in multiple products
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.
network
high complexity
libarchive fedoraproject CWE-125
6.5
2021-07-20 CVE-2021-36976 Use After Free vulnerability in multiple products
libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).
network
low complexity
libarchive fedoraproject apple splunk CWE-416
6.5
2020-10-15 CVE-2020-21674 Out-of-bounds Write vulnerability in Libarchive 3.4.1
Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file.
network
low complexity
libarchive CWE-787
6.5