Vulnerabilities > Libarchive > Libarchive > 3.6.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-24 | CVE-2025-1632 | NULL Pointer Dereference vulnerability in Libarchive A vulnerability was found in libarchive up to 3.7.7. | 5.5 |
| 2024-10-10 | CVE-2024-48957 | Out-of-bounds Read vulnerability in Libarchive execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. | 7.8 |
| 2024-10-10 | CVE-2024-48958 | Out-of-bounds Read vulnerability in Libarchive execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. | 7.8 |
| 2024-06-08 | CVE-2024-37407 | Out-of-bounds Read vulnerability in Libarchive Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. | 9.1 |
| 2023-05-29 | CVE-2023-30571 | Race Condition vulnerability in Libarchive Libarchive through 3.6.2 can cause directories to have world-writable permissions. | 5.3 |
| 2022-11-22 | CVE-2022-36227 | NULL Pointer Dereference vulnerability in multiple products In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. | 9.8 |
| 2022-03-28 | CVE-2022-26280 | Out-of-bounds Read vulnerability in multiple products Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. | 6.5 |
| 2016-09-21 | CVE-2016-6250 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow. | 8.6 |
| 2016-09-21 | CVE-2016-5844 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file. | 6.5 |
| 2016-09-21 | CVE-2016-5418 | Data Processing Errors vulnerability in multiple products The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. | 7.5 |