Lucene search
GoogleOSV:DLA-617-1HistorySep 10, 2016 - 12:00 a.m.
libarchive - security update
2016-09-1000:00:00
Google
osv.dev
7
0.017 Low
EPSS
Percentile
87.9%
Several security vulnerabilities have been discovered in libarchive,
a multi-format archive and compression library. An attacker could
take advantage of these flaws to cause an out of bounds read or a
denial of service against an application using the libarchive12
library using a carefully crafted input file.
- CVE-2015-8915
Paris Zoumpouloglou of Project Zero labs discovered a flaw in
libarchive bsdtar. Using a crafted file bsdtar can perform an
out-of-bounds memory read which will lead to a SEGFAULT. - CVE-2016-7166
Alexander Cherepanov discovered a flaw in libarchive compression
handling. Using a crafted gzip file, one can get libarchive to
invoke an infinite chain of gzip compressors until all the memory
has been exhausted or another resource limit kicks in.
For Debian 7 Wheezy, these problems have been fixed in version
3.0.4-3+wheezy3.
We recommend that you upgrade your libarchive packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: <https://wiki.debian.org/LTS>
| CPE | Name | Operator | Version |
|---|---|---|---|
| libarchive | eq | 3.0.4-3+nmu1 | |
| libarchive | eq | 3.0.4-3+wheezy1 | |
| libarchive | eq | 3.0.4-3+wheezy2 |
References
Related
openvas
openvas
Debian: Security Advisory (DLA-617-1)
2023-03-08 00:00:00
Debian Security Advisory DSA 3677-1 (libarchive - security update)
2016-09-25 00:00:00
Debian: Security Advisory (DSA-3677-1)
2016-09-24 00:00:00
nessus
nessus
Debian DLA-617-1 : libarchive security update
2016-09-12 00:00:00
Debian DSA-3677-1 : libarchive - security update
2016-09-26 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : libarchive vulnerabilities (USN-3225-1)
2017-03-10 00:00:00
debian
debian
[SECURITY] [DLA 617-1] libarchive security update
2016-09-10 16:46:08
[SECURITY] [DSA 3677-1] libarchive security update
2016-09-25 09:50:39
[SECURITY] [DSA 3677-1] libarchive security update
2016-09-25 09:50:39
prion
prion
Code injection
2016-09-20 14:15:00
Code injection
2016-09-21 14:25:00
cve
cve
CVE-2015-8915
2016-09-20 14:15:00
CVE-2016-7166
2016-09-21 14:25:29
ubuntucve
ubuntucve
CVE-2015-8915
2016-09-20 00:00:00
CVE-2016-7166
2016-09-21 00:00:00
cvelist
cvelist
CVE-2015-8915
2016-09-20 14:00:00
CVE-2016-7166
2016-09-21 14:00:00
veracode
veracode
Denial Of Service (DoS)
2018-08-01 02:18:55
Denial Of Service (DoS)
2019-05-02 05:49:24
debiancve
debiancve
CVE-2015-8915
2016-09-20 14:15:00
CVE-2016-7166
2016-09-21 14:25:29
nvd
nvd
CVE-2015-8915
2016-09-20 14:15:00
CVE-2016-7166
2016-09-21 14:25:29
rosalinux
rosalinux
Advisory ROSA-SA-2021-1862
2021-07-02 17:10:44
ubuntu
ubuntu
libarchive vulnerabilities
2017-03-09 00:00:00
centos
centos
libarchive security update
2016-09-15 22:26:12
bsdcpio, bsdtar, libarchive security update
2016-09-16 00:18:58
cloudfoundry
cloudfoundry
USN-3225-1: libarchive vulnerabilities | Cloud Foundry
2017-03-31 00:00:00
oraclelinux
oraclelinux
libarchive security update
2016-09-12 00:00:00
libarchive security update
2016-09-12 00:00:00
redhat
redhat
(RHSA-2016:1850) Important: libarchive security update
2016-09-12 15:10:17
(RHSA-2016:1844) Important: libarchive security update
2016-09-12 15:10:21
ibm
ibm
Security Bulletin: Vulnerabilities in libarchive affect PowerKVM
2018-06-18 01:33:29
osv
osv
libarchive - security update
2018-11-29 00:00:00
gentoo
gentoo
libarchive: Multiple vulnerabilities
2017-01-01 00:00:00
amazon
amazon
Important: libarchive
2016-09-27 10:30:00