Vulnerabilities > Libarchive

DATE CVE VULNERABILITY TITLE RISK
2021-07-20 CVE-2021-36976 Use After Free vulnerability in Libarchive
libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).
4.3
2020-10-15 CVE-2020-21674 Out-of-bounds Write vulnerability in Libarchive 3.4.1
Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file.
4.3
2020-02-20 CVE-2020-9308 Improper Input Validation vulnerability in multiple products
archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact.
6.8
2019-11-21 CVE-2019-19221 Out-of-bounds Read vulnerability in Libarchive 3.4.0
In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call.
local
low complexity
libarchive CWE-125
2.1
2019-10-24 CVE-2019-18408 Use After Free vulnerability in multiple products
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.
network
low complexity
libarchive debian canonical CWE-416
5.0
2019-04-23 CVE-2019-11463 Memory Leak vulnerability in Libarchive
A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo.
4.3
2019-02-04 CVE-2019-1000020 Infinite Loop vulnerability in multiple products
libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop.
4.3
2019-02-04 CVE-2019-1000019 Out-of-bounds Read vulnerability in multiple products
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service).
4.3
2018-12-20 CVE-2018-1000880 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file.
4.3
2018-12-20 CVE-2018-1000879 NULL Pointer Dereference vulnerability in multiple products
libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS.
4.3