GCVE-VVD-MAGEIA-2017-132

Advisory Published

Vulnetix · Advisory published December 28, 2017

The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. (CVE-2016-10209) The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (CVE-2016-10349) The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (CVE-2016-10350)

Download JSON Open in Console

Affected Products

Vendor	Product	Versions	Platforms
Mageia	pdns	0 (affected), 4.1.0-1.mga6 (unaffected)	—
Mageia	pdns-recursor	0 (affected), 4.1.0-1.mga6 (unaffected)	—
Mageia	libarchive	0 (affected), 3.2.2-1.3.mga5 (unaffected), 0 (affected), 3.2.2-1.3.mga5 (unaffected)	—