CVE-2016-4300

libarchive/libarchive
on github

Published

Severity

CVSS v3:
7.8 HIGH
CVSS v2:
6.8 MEDIUM

Description

Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.

References

Configurations

CPE23Version StartVersion EndExact Version
cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*n/a3.2.0 (including)*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*n/an/a7.0
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*n/an/a7.2
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*n/an/a7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*n/an/a7.0
cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*n/an/a7.0
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*n/an/a7.2
cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*n/an/a7.2

External Links