Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-09-20 CVE-2015-8927 Out-of-bounds Read vulnerability in Libarchive
The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted zip file, related to reading the password.
4.3
2016-09-20 CVE-2015-8926 NULL Pointer Dereference vulnerability in multiple products
The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.
4.3
2016-09-20 CVE-2015-8925 Out-of-bounds Read vulnerability in multiple products
The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.
4.3
2016-09-20 CVE-2015-8924 Out-of-bounds Read vulnerability in multiple products
The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.
local
low complexity
libarchive novell canonical CWE-125
5.5
2016-09-20 CVE-2015-8923 Improper Input Validation vulnerability in multiple products
The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.
network
low complexity
libarchive novell canonical CWE-20
6.5
2016-09-20 CVE-2015-8922 NULL Pointer Dereference vulnerability in multiple products
The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.
local
low complexity
libarchive novell canonical oracle CWE-476
5.5
2016-09-20 CVE-2015-8920 Out-of-bounds Read vulnerability in multiple products
The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.
local
low complexity
novell canonical libarchive CWE-125
5.5
2016-09-20 CVE-2015-8917 NULL Pointer Dereference vulnerability in multiple products
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file.
network
low complexity
debian libarchive canonical CWE-476
5.0
2016-09-20 CVE-2015-8916 NULL Pointer Dereference vulnerability in multiple products
bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file.
4.3
2016-09-20 CVE-2015-8915 Out-of-bounds Read vulnerability in Libarchive
bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file.
4.3