{"id":"CVE-2017-11124","details":"libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_unserialize function in archive.c.","modified":"2026-03-15T22:13:37.718786Z","published":"2017-07-10T03:29:00.177Z","references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2S2KRIILUKBJHXDNYJQQX74TFUQRG5ND/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YV6RF6VWM7AFYFTTS7VY5TNH26QUEEFC/"},{"type":"ADVISORY","url":"https://blogs.gentoo.org/ago/2017/06/28/xar-null-pointer-dereference-in-xar_unserialize-archive-c/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mackyle/xar","events":[{"introduced":"0"},{"last_affected":"570d6f282ac250408c1241961678f6ee3ca5f27b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.6.1"}]}}],"versions":["xar-1.6.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-11124.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}