Vulnerability Details : CVE-2016-1541
Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.
Vulnerability category: OverflowInput validationExecute code
Products affected by CVE-2016-1541
- cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-1541
17.70%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-1541
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2016-1541
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1541
-
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Oracle Solaris Bulletin - July 2016
-
http://www.debian.org/security/2016/dsa-3574
Debian -- Security Information -- DSA-3574-1 libarchive
-
http://rhn.redhat.com/errata/RHSA-2016-1844.html
RHSA-2016:1844 - Security Advisory - Red Hat Customer Portal
-
http://lists.opensuse.org/opensuse-updates/2016-06/msg00003.html
openSUSE-SU-2016:1463-1: moderate: Security update for libarchive
-
http://www.kb.cert.org/vuls/id/862384
VU#862384 - libarchive contains a heap-based buffer overflow due to improper input validationThird Party Advisory;US Government Resource
-
https://github.com/libarchive/libarchive/issues/656
Vulnerable code, CVE-2016-1541 · Issue #656 · libarchive/libarchive · GitHub
-
https://security.gentoo.org/glsa/201701-03
libarchive: Multiple vulnerabilities (GLSA 201701-03) — Gentoo security
-
https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7
Issue #656: Fix CVE-2016-1541, VU#862384 · libarchive/libarchive@d0331e8 · GitHub
-
http://lists.opensuse.org/opensuse-updates/2016-06/msg00090.html
openSUSE-SU-2016:1663-1: moderate: Security update for libarchive
-
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.352685
The Slackware Linux Project: Slackware Security Advisories
-
http://www.securityfocus.com/bid/89355
libarchive 'archive_read_support_format_zip.c' Heap Buffer Overflow Vulnerability
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
Oracle Linux Bulletin - July 2016
-
http://www.ubuntu.com/usn/USN-2981-1
USN-2981-1: libarchive vulnerabilities | Ubuntu security notices
Jump to