Vulnerabilities > Libarchive > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-20 | CVE-2015-8921 | Out-of-bounds Read vulnerability in multiple products The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. | 7.5 |
| 2016-09-20 | CVE-2015-8919 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file. | 7.5 |
| 2016-09-20 | CVE-2015-8918 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy." | 7.5 |
| 2016-09-20 | CVE-2015-8917 | NULL Pointer Dereference vulnerability in multiple products bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file. | 7.5 |
| 2016-05-07 | CVE-2016-1541 | Improper Input Validation vulnerability in Libarchive Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive. | 8.8 |