
Search CVE reports



1 – 10 of 79 results


CVE-2024-48958

Medium priority
Fixed

execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.

1 affected packages

libarchive

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| libarchive | Fixed | Fixed | Not affected | Not affected | Not affected |

CVE-2024-48957

Medium priority
Fixed

execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.

1 affected packages

libarchive

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| libarchive | Fixed | Fixed | Not affected | Not affected | Not affected |

CVE-2024-37407

Medium priority
Not affected

Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.

1 affected packages

libarchive

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| libarchive | Not affected | Not affected | Not affected | Not affected | Not affected |

CVE-2024-26256

Medium priority
Fixed

Libarchive Remote Code Execution Vulnerability

1 affected packages

libarchive

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| libarchive | Fixed | Fixed | Not affected | Not affected | Not affected |

CVE-2024-20696

Medium priority

Some fixes available 4 of 7

Windows libarchive Remote Code Execution Vulnerability

1 affected packages

libarchive

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| libarchive | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |

CVE-2023-30571

Negligible priority
Ignored

Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with...

1 affected packages

libarchive

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libarchive Ignored Ignored Ignored Ignored

CVE-2022-36227

Low priority

Some fixes available 5 of 6

In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE:...

1 affected packages

libarchive

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| libarchive | Not affected | Fixed | Fixed | Fixed | Fixed |

CVE-2022-26280

Medium priority
Fixed

Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.

1 affected packages

libarchive

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libarchive Fixed Fixed Not affected Not affected

CVE-2021-31566

Low priority

Some fixes available 2 of 6

An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim...

1 affected packages

libarchive

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| libarchive | Not affected | Not affected | Fixed | Vulnerable | Needs evaluation |

CVE-2021-23177

Low priority

Some fixes available 2 of 6

An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw...

1 affected packages

libarchive

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| libarchive | Not affected | Not affected | Fixed | Vulnerable | Needs evaluation |