Memory Leak Vulnerability in Libarchive Affects Users of Development Code
CVE-2019-11463

5.5MEDIUM

Key Information:

Vendor: Libarchive
Status: Libarchive
Vendor: CVE Published:; 23 April 2019

What is CVE-2019-11463?

A memory leak occurs in the Libarchive library, specifically in the archive_read_format_zip_cleanup function, which can be exploited by remote attackers. This vulnerability arises due to a typo in the HAVE_LZMA_H definition, allowing crafted ZIP files to disrupt service by triggering this leak. It’s important to note that only users who have downloaded the development version from GitHub are affected, while those utilizing the official releases remain safe.

References

https://github.com/libarchive/libarchive/issues/1165

x_refsource_MISC

https://github.com/libarchive/libarchive/commit/ba641f73f...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 23, 2019
Vulnerability Reserved
Apr 22, 2019