CVE-2017-14503

CVE-2017-14503

EPSS 2.0%

libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://access.redhat.com/errata/RHSA-2019:2298 https://access.redhat.com/errata/RHSA-2019:3698 https://bugs.debian.org/875960 https://github.com/libarchive/libarchive/issues/948 https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html https://security.gentoo.org/glsa/201908-11 https://usn.ubuntu.com/3736-1/https://www.debian.org/security/2018/dsa-4360