Vulnerabilities > Libarchive > Libarchive > 3.2.2

DATE | CVE | VULNERABILITY TITLE | RISK

2018-12-20 | CVE-2018-1000877 | Double Free vulnerability in multiple products | 8.8
libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS.

2017-05-01 | CVE-2016-10350 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libarchive 3.2.2 | 4.3
The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

2017-05-01 | CVE-2016-10349 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libarchive 3.2.2 | 4.3
The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

2017-04-03 | CVE-2016-10209 | NULL Pointer Dereference vulnerability in Libarchive 3.2.2 | 4.3
The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.

2017-01-27 | CVE-2017-5601 | Out-of-bounds Read vulnerability in Libarchive 3.2.2 | 5.0
An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive.
network, low complexity, libarchive, CWE-125