vulnerability
Oracle Linux: CVE-2016-1541: ELSA-2016-1844: libarchive security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:H/Au:S/C:C/I:C/A:P) | May 2, 2016 | Sep 12, 2016 | Nov 27, 2024 |
Severity
7
CVSS
(AV:N/AC:H/Au:S/C:C/I:C/A:P)
Published
May 2, 2016
Added
Sep 12, 2016
Modified
Nov 27, 2024
Description
Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.
A vulnerability was found in libarchive. A specially crafted zip file can provide an incorrect compressed size, which may allow an attacker to place arbitrary code on the heap and execute it in the context of the application.
A vulnerability was found in libarchive. A specially crafted zip file can provide an incorrect compressed size, which may allow an attacker to place arbitrary code on the heap and execute it in the context of the application.
Solution(s)
oracle-linux-upgrade-bsdcpiooracle-linux-upgrade-bsdtaroracle-linux-upgrade-libarchiveoracle-linux-upgrade-libarchive-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.