Out-of-Bounds Read Vulnerability in Libarchive by Libarchive Team
CVE-2019-19221

5.5MEDIUM

Key Information:

Vendor: Libarchive
Status: Libarchive
Vendor: CVE Published:; 21 November 2019

What is CVE-2019-19221?

In Libarchive version 3.4.0, an out-of-bounds read occurs in the function archive_wstring_append_from_mbs located in archive_string.c. This vulnerability is triggered by incorrect usage of the mbrtowc or mbtowc functions, leading to potential crashes in applications utilizing Libarchive, such as bsdtar, when processing specially crafted archive files. This flaw poses risks during archive manipulation and necessitates prompt mitigation to ensure application stability.

References

https://github.com/libarchive/libarchive/issues/1276

https://github.com/libarchive/libarchive/commit/22b1db9d4...

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2019
Vulnerability Reserved
Nov 21, 2019