Vulnerabilities > Libarchive

DATE CVE VULNERABILITY TITLE RISK
2022-11-22 CVE-2022-36227 NULL Pointer Dereference vulnerability in Libarchive 3.6.1
In libarchive 3.6.1, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.
network
low complexity
libarchive CWE-476
critical
9.8
2022-08-23 CVE-2021-23177 Link Following vulnerability in multiple products
An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link.
7.8
2022-08-23 CVE-2021-31566 Link Following vulnerability in multiple products
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive.
7.8
2022-05-04 CVE-2022-28066 Out-of-bounds Read vulnerability in Libarchive 3.6.0
Libarchive v3.6.0 was discovered to contain a read memory access vulnerability via the function lzma_decode.
4.3
2022-03-28 CVE-2022-26280 Out-of-bounds Read vulnerability in multiple products
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.
network
high complexity
libarchive fedoraproject CWE-125
6.5
2021-07-20 CVE-2021-36976 Use After Free vulnerability in multiple products
libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).
network
low complexity
libarchive fedoraproject apple CWE-416
6.5
2020-10-15 CVE-2020-21674 Out-of-bounds Write vulnerability in Libarchive 3.4.1
Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file.
4.3
2020-02-20 CVE-2020-9308 Out-of-bounds Write vulnerability in multiple products
archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact.
6.8
2019-11-21 CVE-2019-19221 Out-of-bounds Read vulnerability in multiple products
In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call.
5.5
2019-10-24 CVE-2019-18408 Use After Free vulnerability in multiple products
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.
network
low complexity
libarchive debian canonical CWE-416
5.0