Lucene search

K
osvGoogleOSV:DLA-661-1
HistoryOct 17, 2016 - 12:00 a.m.

libarchive - security update

2016-10-1700:00:00
Google
osv.dev
21

0.019 Low

EPSS

Percentile

88.5%

Agostino Sarubbo of Gentoo discovered several security vulnerabilities
in libarchive, a multi-format archive and compression library. An
attacker could take advantage of these flaws to cause a buffer overflow
or an out of bounds read using a carefully crafted input file.

  • CVE-2016-8687
    Agostino Sarubbo of Gentoo discovered a possible stack-based buffer
    overflow when printing a filename in bsdtar_expand_char() of util.c.
  • CVE-2016-8688
    Agostino Sarubbo of Gentoo discovered a possible out of bounds read
    when parsing multiple long lines in bid_entry() and detect_form() of
    archive_read_support_format_mtree.c.
  • CVE-2016-8689
    Agostino Sarubbo of Gentoo discovered a possible heap-based buffer
    overflow when reading corrupted 7z files in read_Header() of
    archive_read_support_format_7zip.c.

For Debian 7 Wheezy, these problems have been fixed in version
3.0.4-3+wheezy5.

We recommend that you upgrade your libarchive packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: <https://wiki.debian.org/LTS&gt;