VDB

GCVE-110-MAGEIA-2016-318

GCVE-110-MAGEIA-2016-318
Advisory Published
Vulnetix · Advisory published September 25, 2016
The updated packages fix several security vulnerabilities: A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive. (CVE-2016-5418, issues #745 and #746) Very long pathnames evade symlink checks (issue#744) size_t underflow leading to out of bounds heap read in process_extra() / archive_read_support_format_zip.c (issue#770) stack-based buffer overflow in bsdtar_expand_char (util.c) (issue#767) libarchive can compress, but cannot decompress zip some files (issue#748) hang in tar parser (issue#731) Out of bounds read in mtree parser (issue#747) heap-based buffer overflow in read_Header (archive_read_support_format_7zip.c) (issue#761)

Affected Products

VendorProductVersionsPlatforms
Mageialibarchive0 (affected), 3.2.1-1.2.mga5 (unaffected)

Browse GCVE Records

73,393 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›