libarchive (SUSE:Linux Enterprise Server 12 SP2) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12 SP2 package libarchive, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2016-6250 — CVSS 8.6 (high): Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash)…
CVE-2016-5418 — CVSS 7.5 (high): The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote…
CVE-2016-8687 — CVSS 7.5 (high): Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of…
CVE-2016-8689 — CVSS 7.5 (high): The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service…
CVE-2016-5844 — CVSS 6.5 (medium): Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via…
CVE-2015-2304 — CVSS 6.4 (medium): Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a…
CVE-2016-8688 — CVSS 5.5 (medium): The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to…