Use-After-Free Vulnerability in Libarchive Affects Multiple Platforms
CVE-2019-18408

7.5HIGH

Key Information:

Vendor

Libarchive

Status
Libarchive
Vendor
CVE Published:
24 October 2019

What is CVE-2019-18408?

A use-after-free vulnerability exists in the archive_read_format_rar_read_data function in libarchive prior to version 3.4.0. This flaw can be exploited under specific conditions related to Ppmd7_DecodeSymbol, leading to potential security issues. It is crucial for users of affected versions to update to mitigate risks associated with this vulnerability.

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14689
x_refsource_MISC
https://github.com/libarchive/libarchive/commit/b8592ecba...
x_refsource_MISC
https://github.com/libarchive/libarchive/compare/v3.3.3.....
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.