FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libarchive -- multiple vulnerabilities

Affected packages
		libarchive	<	3.2.1,1

Details

VuXML ID	4a0d9b53-395d-11e6-b3c8-14dae9d210b8
Discovery	2016-06-23
Entry	2016-06-23

Hanno Bock and Cisco Talos report:

Out of bounds heap read in RAR parser

Signed integer overflow in ISO parser

TALOS-2016-0152 [CVE-2016-4300]: 7-Zip read_SubStreamsInfo Integer Overflow

TALOS-2016-0153 [CVE-2016-4301]: mtree parse_device Stack Based Buffer Overflow

TALOS-2016-0154 [CVE-2016-4302]: Libarchive Rar RestartModel Heap Overflow

[source]

References

CVE Name	CVE-2015-8934
CVE Name	CVE-2016-4300
CVE Name	CVE-2016-4301
CVE Name	CVE-2016-4302
URL	http://blog.talosintel.com/2016/06/the-poisoned-archives.html
URL	http://openwall.com/lists/oss-security/2016/06/23/6
URL	https://github.com/libarchive/libarchive/issues/521
URL	https://github.com/libarchive/libarchive/issues/717#event-697151157