First published: Tue Jan 22 2013(Updated: )
Fabian Yamaguchi reported a read buffer overflow flaw in libarchive on 64-bit systems where sizeof(size_t) is equal to 8. In the archive_write_zip_data() function in libarchive/archive_write_set_format_zip.c, the "s" parameter is of type size_t (64 bit, unsigned) and is cast to a 64 bit signed integer. If "s" is larger than MAX_INT, it will not be set to "zip->remaining_data_bytes" even though it is larger than "zip->remaining_data_bytes", which leads to a buffer overflow when calling deflate(). This can lead to a segfault in an application that uses libarchive to create ZIP archives.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/libarchive | <3.2.0 | 3.2.0 |
Libarchive Libarchive X64 | <=3.1.2 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =14.10 | |
openSUSE openSUSE | =13.1 | |
openSUSE openSUSE | =13.2 | |
Fedoraproject Fedora | =17 | |
Fedoraproject Fedora | =18 | |
FreeBSD FreeBSD | =9.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.