pkg:Debian/libarchive
108 total CVEs: CRITICAL 2, HIGH 43, MEDIUM 49
All known vulnerabilities
- from 0, < 3.3.3-4+deb10u3
- from 0, < 3.4.3-2+deb11u2
- HIGH 8.8 | CVE-2020-9308 | archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a… | from 0, < 3.4.0-2
- HIGH 8.8 | CVE-2018-1000878 | libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vuln… | from 0, < 3.3.3-2
- from 0, < 3.1.2-11+deb8u6
- from 0, < 3.3.3-2
- from 0, < 3.1.2-11+deb8u1
- from 0, < 3.1.2-11.1
- HIGH 8.6 | CVE-2016-6250 | Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash)… | from 0, < 3.2.1-1
- from 0, < 3.4.3-2+deb11u3
- from 0, < 3.4.3-2+deb11u3
- HIGH 7.8 | CVE-2025-25724 | list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service… | from 0
- HIGH 7.8 | CVE-2024-48958 | execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file… | from 0, < 3.6.2-1+deb12u1
- HIGH 7.8 | CVE-2024-48957 | execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file… | from 0, < 3.6.2-1+deb12u1
- from 0, < 3.6.2-1+deb12u1
- from 0, < 3.6.2-1+deb12u1
- HIGH 7.8 | CVE-2021-31566 | An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of… | from 0, < 3.4.3-2+deb11u1
- HIGH 7.8 | CVE-2021-23177 | An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. | from 0, < 3.4.3-2+deb11u1
- HIGH 7.8 | CVE-2016-4302 | Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attack… | from 0, < 3.2.1-1
- HIGH 7.8 | CVE-2016-4301 | Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote at… | from 0, < 3.2.1-1
- HIGH 7.8 | CVE-2016-4300 | Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attacke… | from 0, < 3.2.1-1
- HIGH 7.8 | CVE-2015-8931 | Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive… | from 0, < 3.2.0-2
- from 0, < 3.4.3-2+deb11u4
- from 0, < 3.4.3-2+deb11u4
- HIGH 7.5 | CVE-2026-4111 | A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() proces… | from 0, < 3.4.3-2+deb11u4
- from 0, < 3.1.2-11+deb8u8
- from 0, < 3.2.2-2+deb9u2
- from 0, < 3.4.0-1
- HIGH 7.5 | CVE-2017-14502 | read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, lea… | from 0, < 3.2.2-4.1
- HIGH 7.5 | CVE-2016-8689 | The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (ou… | from 0, < 3.2.1-5
- from 0, < 3.2.1-5
- from 0, < 3.0.4-3+wheezy5
- from 0, < 3.0.4-3+wheezy5+deb7u1
- from 0, < 3.2.1-6
- from 0, < 3.0.4-3+wheezy4
- from 0, < 3.1.2-11+deb8u3
- from 0, < 3.2.1-4
- HIGH 7.5 | CVE-2016-4809 | The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers… | from 0, < 3.2.1-1
- HIGH 7.5 | CVE-2015-8930 | bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is… | from 0, < 3.2.0-2
- HIGH 7.5 | CVE-2015-8921 | The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-boun… | from 0, < 3.2.0-2
- HIGH 7.5 | CVE-2015-8919 | The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause… | from 0, < 3.2.0-2
- from 0, < 3.2.0-2
- from 0, < 3.0.4-3+wheezy2
- from 0, < 3.4.3-2+deb11u2
- from 0, < 3.6.2-1+deb12u2
- from 0, < 3.4.3-2+deb11u3
- from 0, < 3.6.2-1+deb12u3
- from 0, < 3.4.3-2+deb11u4
- MEDIUM 6.5 | CVE-2022-26280 | Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. | from 0, < 3.4.3-2+deb11u2
- from 0, < 3.4.3-2+deb11u2
- from 0, < 3.4.3-2+deb11u2
- MEDIUM 6.5 | CVE-2019-1000020 | libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachab… | from 0, < 3.3.3-4
- from 0, < 3.3.3-4
- from 0, < 3.1.2-11+deb8u7
- MEDIUM 6.5 | CVE-2018-1000880 | libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Valid… | from 0, < 3.3.3-2
- MEDIUM 6.5 | CVE-2018-1000879 | libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Derefe… | from 0, < 3.3.3-2
- MEDIUM 6.5 | CVE-2017-14503 | libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a spec… | from 0, < 3.2.2-4.1
- MEDIUM 6.5 | CVE-2017-14501 | An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a special… | from 0, < 3.2.2-4.2
- from 0, < 3.0.4-3+wheezy6+deb7u1
- from 0, < 3.2.2-3.1
- MEDIUM 6.5 | CVE-2016-5844 | Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via… | from 0, < 3.2.1-1
- MEDIUM 6.5 | CVE-2015-8923 | The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers t… | from 0, < 3.2.0-2
- from 0, < 3.2.0-2
- from 0, < 3.1.2-11+deb8u2
- from 0, < 3.4.3-2+deb11u3
- from 0
- MEDIUM 5.5 | CVE-2025-60753 | An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafte… | from 0
- from 0
- from 0, < 3.2.2-2+deb9u3
- from 0, < 3.4.2-1
- from 0, < 3.3.3-4+deb10u2
- MEDIUM 5.5 | CVE-2016-10350 | The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause… | from 0, < 3.2.2-3.1
- MEDIUM 5.5 | CVE-2016-10349 | The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffe… | from 0, < 3.2.2-3.1
- from 0, < 3.0.4-3+wheezy6
- from 0, < 3.2.2-3.1
- from 0, < 3.2.2-2+deb9u1
- MEDIUM 5.5 | CVE-2016-8688 | The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to caus… | from 0, < 3.2.1-5
- MEDIUM 5.5 | CVE-2016-7166 | libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (… | from 0, < 3.2.0-2
- MEDIUM 5.5 | CVE-2015-8934 | The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a… | from 0, < 3.2.1-1
- MEDIUM 5.5 | CVE-2015-8933 | Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote… | from 0, < 3.2.0-2
- MEDIUM 5.5 | CVE-2015-8932 | The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a d… | from 0, < 3.2.0-2
- MEDIUM 5.5 | CVE-2015-8929 | Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cau… | from 0, < 3.2.0-2
- MEDIUM 5.5 | CVE-2015-8928 | The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial… | from 0, < 3.2.0-2
- MEDIUM 5.5 | CVE-2015-8927 | The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a den… | from 0, < 3.2.0-2
- MEDIUM 5.5 | CVE-2015-8926 | The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to c… | from 0, < 3.2.0-2
- MEDIUM 5.5 | CVE-2015-8925 | The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of servic… | from 0, < 3.2.0-2
- MEDIUM 5.5 | CVE-2015-8924 | The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to… | from 0, < 3.2.0-2
- MEDIUM 5.5 | CVE-2015-8922 | The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of… | from 0, < 3.2.0-2
- MEDIUM 5.5 | CVE-2015-8920 | The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of se… | from 0, < 3.2.0-2
- from 0, < 3.2.0-2
- from 0, < 3.1.2-11+deb8u4
- from 0, < 3.0.4-3+wheezy3
- MEDIUM 5.3 | CVE-2023-30571 | Libarchive through 3.6.2 can cause directories to have world-writable permissions. | from 0
- from 0, < 3.4.3-2+deb11u3
- from 0, < 3.1.2-11
- from 0, < 3.0.4-3+wheezy1
- from 0, < 2.8.4.forreal-1+squeeze3
- — | CVE-2013-0211 | Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when run… | from 0, < 3.0.4-3
- — | CVE-2011-1779 | Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5 allow remote attackers to cause a denial of service (application cras… | from 0, < 3.0.4-2
- — | CVE-2011-1778 | Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute ar… | from 0, < 2.8.5-5
- from 0, < 2.8.5-5
- from 0, < 2.8.4-1+squeeze1
- — | CVE-2010-4666 | Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly hav… | from 0, < 3.0.4-2
- — | CVE-2007-3645 | archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via… | from 0, < 2.2.4-1
- from 0, < 2.2.4-1
- — | CVE-2007-3644 | archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite l… | from 0, < 2.2.4-1
- from 0, < 1.2.53-2etch1
- — | CVE-2006-5680 | The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before 2006-11-08 allows context-dependent attackers to cause a denial of s… | from 0, < 1.3.1-1