Buffer Overflow Vulnerability in libarchive Affects FreeBSD and Debian Products
CVE-2007-3641

Currently unrated

Key Information:

Vendor: FreeBSD

CVE Published: 14 July 2007

What is CVE-2007-3641?

libarchive calculates the length of a buffer incorrectly when handling malformed PAX extension headers. A user-assisted remote attacker can supply a specially crafted PAX or TAR archive that triggers a buffer overflow, causing a denial of service (crash) and potentially allowing execution of arbitrary code.

EPSS Score

35% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
