Known Vulnerabilities for products from Libarchive
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Libarchive".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-5121 | Not Provided | 2026-03-30 | 2026-03-31 | |
| CVE-2021-36976 | libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block). | 6.5 - MEDIUM | 2021-07-20 | 2024-03-27 |
| CVE-2021-31566 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.8 - HIGH | 2022-08-23 | 2024-03-27 |
| CVE-2021-23177 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.8 - HIGH | 2022-08-23 | 2022-12-03 |
| CVE-2020-21674 | Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attack... | 6.5 - MEDIUM | 2020-10-15 | 2020-10-26 |
| CVE-2020-9308 | archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted hea... | 8.8 - HIGH | 2020-02-20 | 2023-11-07 |
| CVE-2019-1000020 | libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop ... | 6.5 - MEDIUM | 2019-02-04 | 2023-11-07 |
| CVE-2019-1000019 | libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-o... | 6.5 - MEDIUM | 2019-02-04 | 2023-11-07 |
| CVE-2019-19221 | In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mb... | 5.5 - MEDIUM | 2019-11-21 | 2023-11-07 |
| CVE-2019-18408 | archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a c... | 7.5 - HIGH | 2019-10-24 | 2023-11-07 |
| CVE-2019-11463 | A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote a... | 5.5 - MEDIUM | 2019-04-23 | 2020-12-08 |
| CVE-2018-1000880 | libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improp... | 6.5 - MEDIUM | 2018-12-20 | 2023-11-07 |
| CVE-2018-1000879 | libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL ... | 6.5 - MEDIUM | 2018-12-20 | 2023-11-07 |
| CVE-2018-1000878 | libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use A... | 8.8 - HIGH | 2018-12-20 | 2023-11-07 |
| CVE-2018-1000877 | libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Doubl... | 8.8 - HIGH | 2018-12-20 | 2023-11-07 |
| CVE-2017-14503 | libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when ext... | 6.5 - MEDIUM | 2017-09-17 | 2018-12-28 |
| CVE-2017-14502 | read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR... | 7.5 - HIGH | 2017-09-17 | 2019-10-03 |
| CVE-2017-14501 | An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extrac... | 6.5 - MEDIUM | 2017-09-17 | 2018-12-28 |
| CVE-2017-14166 | libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application c... | 6.5 - MEDIUM | 2017-09-06 | 2019-08-15 |
| CVE-2017-5601 | An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attac... | 7.5 - HIGH | 2017-01-27 | 2018-11-30 |
Known software with vulnerabilities from Libarchive
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Libarchive | Libarchive | 2.6.0 |