VDB

GCVE-110-MAGEIA-2016-239

GCVE-110-MAGEIA-2016-239
Advisory Published
Vulnetix · Advisory published July 5, 2016
An out of bounds read in the rar parser: invalid read in function copy_from_lzss_window() when unpacking malformed rar (CVE-2015-8934). An exploitable heap overflow vulnerability exists in the 7zip read_SubStreamsInfo functionality of libarchive. A specially crafted 7zip file can cause a integer overflow resulting in memory corruption that can lead to code execution. An attacker can send a malformed file to trigger this vulnerability (CVE-2016-4300). An exploitable stack based buffer overflow vulnerability exists in the mtree parse_device functionality of libarchive. A specially crafted mtree file can cause a buffer overflow resulting in memory corruption/code execution. An attacker can send a malformed file to trigger this vulnerability (CVE-2016-4301). An exploitable heap overflow vulnerability exists in the Rar decompression functionality of libarchive. A specially crafted Rar file can cause a heap corruption eventually leading to code execution. An attacker can send a malformed file to trigger this vulnerability (CVE-2016-4302). A signed integer overflow in iso parser: integer overflow when computing location of volume descriptor (CVE-2016-5844). The libarchive package has been updated to version 3.2.1, fixing those issues and other bugs.

Affected Products

VendorProductVersionsPlatforms
Mageialibarchive3.2.1-1.mga5 (unaffected), 0 (affected)

Browse GCVE Records

72,148 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›