Vulnerability Details : CVE-2011-1777
Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image.
Vulnerability category: OverflowExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2011-1777
Probability of exploitation activity in the next 30 days: 1.59%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 86 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-1777
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2011-1777
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1777
-
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
Apple - Lists.apple.com
-
http://support.apple.com/kb/HT5281
About the security content of OS X Lion v10.7.4 and Security Update 2012-002 - Apple Support
-
http://secunia.com/advisories/48034
Sign in
-
https://bugzilla.redhat.com/show_bug.cgi?id=705849
705849 – (CVE-2010-4666, CVE-2011-1777, CVE-2011-1778, CVE-2011-1779) CVE-2010-4666 CVE-2011-1777 CVE-2011-1778 CVE-2011-1779 Libarchive multiple security issues
-
http://code.google.com/p/libarchive/source/detail?r=3158
Google Code Archive - Long-term storage for Google Code Project Hosting.
-
http://www.debian.org/security/2012/dsa-2413
Debian -- Security Information -- DSA-2413-1 libarchive
-
https://rhn.redhat.com/errata/RHSA-2011-1507.html
RHSA-2011:1507 - Security Advisory - Red Hat Customer Portal
Products affected by CVE-2011-1777
- cpe:2.3:a:freebsd:libarchive:*:*:*:*:*:*:*:*
- cpe:2.3:a:freebsd:libarchive:2.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:freebsd:libarchive:2.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:freebsd:libarchive:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:freebsd:libarchive:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:freebsd:libarchive:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:freebsd:libarchive:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:freebsd:libarchive:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:freebsd:libarchive:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:freebsd:libarchive:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:freebsd:libarchive:2.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:freebsd:libarchive:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:freebsd:libarchive:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:freebsd:libarchive:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:freebsd:libarchive:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:freebsd:libarchive:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:freebsd:libarchive:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:freebsd:libarchive:2.2:*:*:*:*:*:*:*