{"id":"CVE-2016-4300","details":"Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.","modified":"2026-04-11T03:43:46.977030Z","published":"2016-09-21T14:25:01.940Z","related":["MGASA-2016-0239","SUSE-SU-2016:1909-1","openSUSE-SU-2024:10127-1"],"references":[{"type":"WEB","url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"},{"type":"WEB","url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-1844.html"},{"type":"ADVISORY","url":"https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00062&languageid=en-fr"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-03"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3657"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/91326"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348439"},{"type":"FIX","url":"https://github.com/libarchive/libarchive/issues/718"},{"type":"FIX","url":"https://github.com/libarchive/libarchive/commit/e79ef306afe332faf22e9b442a2c6b59cb175573"},{"type":"EVIDENCE","url":"http://blog.talosintel.com/2016/06/the-poisoned-archives.html"},{"type":"EVIDENCE","url":"http://www.talosintel.com/reports/TALOS-2016-0152/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libarchive/libarchive","events":[{"introduced":"0"},{"last_affected":"167e97be1d35c1e0947d768adbf94712244aad6b"},{"fixed":"e79ef306afe332faf22e9b442a2c6b59cb175573"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.2.0"}]}}],"versions":["v3.0.0a","v3.0.1b","v3.1.900a","v3.2.0"],"database_specific":{"vanir_signatures":[{"target":{"function":"read_SubStreamsInfo","file":"libarchive/archive_read_support_format_7zip.c"},"source":"https://github.com/libarchive/libarchive/commit/e79ef306afe332faf22e9b442a2c6b59cb175573","signature_version":"v1","deprecated":false,"digest":{"length":2649,"function_hash":"46239902704382672067472777073698420896"},"signature_type":"Function","id":"CVE-2016-4300-15650bc9"},{"target":{"file":"libarchive/archive_read_support_format_7zip.c"},"source":"https://github.com/libarchive/libarchive/commit/e79ef306afe332faf22e9b442a2c6b59cb175573","signature_version":"v1","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["114121825398685049637523548521724163081","158255184811572789911284109468266521732","335493315037050148892950470981890599307","209098857150887945768214746267601235406"]},"signature_type":"Line","id":"CVE-2016-4300-dee1363a"}],"vanir_signatures_modified":"2026-04-11T03:43:46Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4300.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}