FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libarchive -- RCE vulnerability

Affected packages
libarchive < 3.2.0,1

Details

VuXML ID 2b4c8e1f-1609-11e6-b55e-b499baebfeaf
Discovery 2016-05-01
Entry 2016-05-09
Modified 2016-05-10

The libarchive project reports:

Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.

References

CVE Name CVE-2016-1541
URL https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7