Buffer Overflow Vulnerability in Libarchive Affected by Crafted CAB Files
CVE-2010-4666

Currently unrated

Key Information:

Vendor: FreeBSD
Status: Libarchive
Vendor: CVE Published:; 13 April 2012

What is CVE-2010-4666?

A buffer overflow vulnerability exists in the pre-release code of Libarchive, which can be triggered by remote attackers through specially crafted CAB files. This issue arises when the application fails to properly process Huffman code data contained within LZX compressed data, potentially resulting in application crashes or other unforeseen impacts. Attackers may exploit this flaw to disrupt service or execute arbitrary code, underscoring the need for timely patching and security mitigation strategies.

References

http://code.google.com/p/libarchive/source/detail?r=2842

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=705849

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 13, 2012
Vulnerability Reserved
Jan 3, 2011

FreeBSD

What is CVE-2010-4666?

References

Timeline