|
|
CVE Reference: CVE-2007-3641 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-3641 |
|
|
Description: archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/35405 SUSE http://www.novell.com/linux/security/advisories/2007_15_sr.html ST 1018379 SAID Secunia Advisory: SA26050 Secunia Advisory: SA26062 Secunia Advisory: SA26355 Secunia Advisory: SA28377 MISC http://security.freebsd.org/patches/SA-07:05/libarchive.patch GENTOO http://security.gentoo.org/glsa/glsa-200708-03.xml FREEBSD http://security.freebsd.org/advisories/FreeBSD-SA-07:05.libarchive.asc DEBIAN http://www.debian.org/security/2008/dsa-1455 CONFIRM http://people.freebsd.org/~kientzle/libarchive/ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432924 BID 24885 |
|
| Return to the previous page. |
