VDB

CVE-2017-14166

CVE-2017-14166 PUBLISHED

libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.

EPSS 2.29% · 85.0th percentile

Risk Scores

EPSS Score
2.29%
85.0th percentile

Affected Products

VendorProductVersions
Ubuntu:14.04:LTSlibarchive3.1.2-7ubuntu2, 3.1.2-7ubuntu2.2, 3.1.2-7ubuntu2.3
Ubuntu:16.04:LTSlibarchive3.1.2-11build1, 3.1.2-11ubuntu0.16.04.2, 3.1.2-11ubuntu0.16.04.3

Timeline

  • Sep 6, 2017 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • May 2, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 5, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Mar 11, 2023 EPSS Score
  • Apr 26, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›