Out-of-Bounds Read Vulnerability in Libarchive Affects ISO9660 File Extraction
CVE-2017-14501

6.5 MEDIUM

Key Information:

Vendor: Libarchive

CVE Published: 17 September 2017

What is CVE-2017-14501?

An out-of-bounds read vulnerability exists in the parse_file_info function in archive_read_support_format_iso9660.c in libarchive version 3.3.2. The flaw is triggered when libarchive processes a specially crafted ISO9660 file, and it can expose sensitive information or cause unexpected behavior during file extraction. Users of libarchive should be aware of the risk and apply the necessary security patches to mitigate potential exploitation.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
