Skip to main content

Libarchive CVE-2019-1000019

MEDIUM
Out-of-bounds Read (CWE-125)
2019-02-04 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Feb 04, 2019 - 21:29 nvd
MEDIUM 6.5

DescriptionNVD

libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file.

AnalysisAI

libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file. Affected products include: Libarchive, Debian Debian Linux, Canonical Ubuntu Linux, Fedoraproject Fedora, Opensuse Leap.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2024-37407 CRITICAL POC
9.1 Jun 08

Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enable

CVE-2016-5418 HIGH POC
7.5 Sep 21

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which mig

CVE-2016-4301 HIGH POC
7.8 Sep 21

Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2

CVE-2016-4302 HIGH POC
7.8 Sep 21

Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 a

CVE-2016-4300 HIGH POC
7.8 Sep 21

Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 al

CVE-2015-8931 HIGH POC
7.8 Sep 20

Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtr

CVE-2025-5914 HIGH POC
7.8 Jun 09

CVE-2025-5914 is an integer overflow vulnerability in libarchive's archive_read_format_rar_seek_data() function that lea

CVE-2024-48615 HIGH POC
7.5 Mar 28

Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pa

CVE-2015-2304 MEDIUM POC
6.4 Mar 15

Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arb

CVE-2016-5844 MEDIUM POC
6.5 Sep 21

Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (appl

CVE-2016-1541 HIGH
8.8 May 07

Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive befo

CVE-2022-26280 MEDIUM POC
6.5 Mar 28

Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. Rated medium s

Share

CVE-2019-1000019 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy