Vulnerabilities > Libarchive > Libarchive > 3.6.0

DATE CVE VULNERABILITY TITLE RISK
2025-02-24 CVE-2025-1632 NULL Pointer Dereference vulnerability in Libarchive
A vulnerability was found in libarchive up to 3.7.7.
local
low complexity
libarchive CWE-476
5.5
2024-10-10 CVE-2024-48957 Out-of-bounds Read vulnerability in Libarchive
execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.
local
low complexity
libarchive CWE-125
7.8
2024-10-10 CVE-2024-48958 Out-of-bounds Read vulnerability in Libarchive
execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.
local
low complexity
libarchive CWE-125
7.8
2024-06-08 CVE-2024-37407 Out-of-bounds Read vulnerability in Libarchive
Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled.
network
low complexity
libarchive CWE-125
critical
9.1
2023-05-29 CVE-2023-30571 Race Condition vulnerability in Libarchive
Libarchive through 3.6.2 can cause directories to have world-writable permissions.
local
high complexity
libarchive CWE-362
5.3
2022-11-22 CVE-2022-36227 NULL Pointer Dereference vulnerability in multiple products
In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.
network
low complexity
libarchive debian fedoraproject splunk CWE-476
critical
9.8
2022-03-28 CVE-2022-26280 Out-of-bounds Read vulnerability in multiple products
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.
network
high complexity
libarchive fedoraproject CWE-125
6.5
2016-09-21 CVE-2016-6250 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.
network
low complexity
oracle libarchive CWE-190
8.6
2016-09-21 CVE-2016-5844 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.
network
low complexity
libarchive redhat oracle CWE-190
6.5
2016-09-21 CVE-2016-5418 Data Processing Errors vulnerability in multiple products
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.
network
low complexity
redhat oracle libarchive CWE-19
7.5