Vulnerabilities > Libarchive
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-22 | CVE-2022-36227 | NULL Pointer Dereference vulnerability in multiple products In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. | 9.8 |
| 2022-08-23 | CVE-2021-23177 | Link Following vulnerability in multiple products An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. | 7.8 |
| 2022-08-23 | CVE-2021-31566 | Link Following vulnerability in multiple products An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. | 7.8 |
| 2022-05-04 | CVE-2022-28066 | Out-of-bounds Read vulnerability in Libarchive 3.6.0 Libarchive v3.6.0 was discovered to contain a read memory access vulnerability via the function lzma_decode. | 4.3 |
| 2022-03-28 | CVE-2022-26280 | Out-of-bounds Read vulnerability in multiple products Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. | 6.5 |
| 2021-07-20 | CVE-2021-36976 | Use After Free vulnerability in multiple products libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block). | 6.5 |
| 2020-10-15 | CVE-2020-21674 | Out-of-bounds Write vulnerability in Libarchive 3.4.1 Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. | 4.3 |
| 2020-02-20 | CVE-2020-9308 | Out-of-bounds Write vulnerability in multiple products archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact. | 6.8 |
| 2019-11-21 | CVE-2019-19221 | Out-of-bounds Read vulnerability in multiple products In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. | 5.5 |
| 2019-10-24 | CVE-2019-18408 | Use After Free vulnerability in multiple products archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol. | 5.0 |