Vulnerabilities > Libarchive > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-05-29 CVE-2023-30571 Race Condition vulnerability in Libarchive
Libarchive through 3.6.2 can cause directories to have world-writable permissions.
local
high complexity
libarchive CWE-362
5.3
2022-03-28 CVE-2022-26280 Out-of-bounds Read vulnerability in multiple products
Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.
network
high complexity
libarchive fedoraproject CWE-125
6.5
2021-07-20 CVE-2021-36976 Use After Free vulnerability in multiple products
libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).
network
low complexity
libarchive fedoraproject apple splunk CWE-416
6.5
2020-10-15 CVE-2020-21674 Out-of-bounds Write vulnerability in Libarchive 3.4.1
Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file.
4.3
2019-11-21 CVE-2019-19221 Out-of-bounds Read vulnerability in multiple products
In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call.
5.5
2019-04-23 CVE-2019-11463 Memory Leak vulnerability in Libarchive
A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo.
4.3
2019-02-04 CVE-2019-1000020 Infinite Loop vulnerability in multiple products
libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop.
6.5
2019-02-04 CVE-2019-1000019 Out-of-bounds Read vulnerability in multiple products
libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service).
6.5
2018-12-20 CVE-2018-1000880 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file.
6.5
2018-12-20 CVE-2018-1000879 NULL Pointer Dereference vulnerability in multiple products
libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS.
network
low complexity
libarchive opensuse fedoraproject CWE-476
6.5