
libarchive: three vulnerabilities

Package(s): libarchive
CVE #(s): CVE-2016-8687 CVE-2016-8688 CVE-2016-8689
Created: October 18, 2016
Updated: December 12, 2016
Description: From the Debian LTS advisory:

Agostino Sarubbo of Gentoo discovered several security vulnerabilities in libarchive, a multi-format archive and compression library. An attacker could take advantage of these flaws to cause a buffer overflow or an out of bounds read using a carefully crafted input file.

CVE-2016-8687: Agostino Sarubbo of Gentoo discovered a possible stack-based buffer overflow when printing a filename in bsdtar_expand_char() of util.c.

CVE-2016-8688: Agostino Sarubbo of Gentoo discovered a possible out of bounds read when parsing multiple long lines in bid_entry() and detect_form() of archive_read_support_format_mtree.c.

CVE-2016-8689: Agostino Sarubbo of Gentoo discovered a possible heap-based buffer overflow when reading corrupted 7z files in read_Header() of archive_read_support_format_7zip.c.

Alerts:
Debian-LTS DLA-661-1 libarchive 2016-10-17
Gentoo 201701-03 libarchive 2017-01-01
Fedora FEDORA-2016-dd2aa2b4a9 mingw-libarchive 2016-12-11
openSUSE openSUSE-SU-2016:3005-1 libarchive 2016-12-05
openSUSE openSUSE-SU-2016:3002-1 libarchive 2016-12-05


