First published: Mon Jan 07 2019
A double free vulnerability was found in the RAR decoder of libarchive. A crafted archive could cause the application to crash.
Upstream issue: https://github.com/libarchive/libarchive/pull/1105
Upstream patch: https://github.com/libarchive/libarchive/pull/1105/commits/021efa522ad729ff0f5806c4ce53e4a6cc1daa31
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle Libarchive | | |
The severity of REDHAT-BUG-1663887 is classified as high due to its potential to cause application crashes.
To fix REDHAT-BUG-1663887, you should apply the latest patches provided by the libarchive development team.
REDHAT-BUG-1663887 affects applications that utilize the libarchive library for RAR file decoding.
REDHAT-BUG-1663887 is a double free vulnerability found in the RAR decoder of libarchive.
Yes, REDHAT-BUG-1663887 is being actively addressed with upstream patches in development.