CVE-2013-4397

EPSS 4.3%

libtar - Multiple integer overflows

Published: 10/17/2013Modified: 4/28/2026

Description

Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) name or (2) link in an archive, which triggers a heap-based buffer overflow.

Affected packages (2)

Debian/libtarfrom 0, < 1.2.20-1
Debian/libtarfrom 0, < 1.2.11-6+deb6u1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-4397