CVE-2019-19221

Published November 21st, 2019

View on NVD ↗

CVSS v3

5.5

MEDIUM

CVSS v2

2.1

LOW

Affected

PROJECT

Description

In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.

libarchive/libarchive

Multi-format archive and compression library

GitHub

3.52K