Skip to main content

Libarchive CVE-2016-10349

MEDIUM
Buffer Overflow (CWE-119)
2017-05-01 cve@mitre.org
5.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
May 01, 2017 - 01:59 cve.org
MEDIUM 5.5

DescriptionCVE.org

The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

AnalysisAI

The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. Affected products include: Libarchive.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2024-37407 CRITICAL POC
9.1 Jun 08

Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enable

CVE-2016-5418 HIGH POC
7.5 Sep 21

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which mig

CVE-2016-4301 HIGH POC
7.8 Sep 21

Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2

CVE-2016-4302 HIGH POC
7.8 Sep 21

Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 a

CVE-2016-4300 HIGH POC
7.8 Sep 21

Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 al

CVE-2015-8931 HIGH POC
7.8 Sep 20

Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtr

CVE-2025-5914 HIGH POC
7.8 Jun 09

CVE-2025-5914 is an integer overflow vulnerability in libarchive's archive_read_format_rar_seek_data() function that lea

CVE-2024-48615 HIGH POC
7.5 Mar 28

Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pa

CVE-2015-2304 MEDIUM POC
6.4 Mar 15

Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arb

CVE-2016-5844 MEDIUM POC
6.5 Sep 21

Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (appl

CVE-2016-1541 HIGH
8.8 May 07

Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive befo

CVE-2022-26280 MEDIUM POC
6.5 Mar 28

Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. Rated medium s

Share

CVE-2016-10349 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy