{"id":"MGASA-2017-0132","summary":"Updated libarchive packages fix security vulnerabilities","details":"The archive_wstring_append_from_mbs function in archive_string.c in\nlibarchive 3.2.2 allows remote attackers to cause a denial of service\n(NULL pointer dereference and application crash) via a crafted archive\nfile. (CVE-2016-10209)\n\nThe archive_le32dec function in archive_endian.h in libarchive 3.2.2\nallows remote attackers to cause a denial of service (heap-based buffer\nover-read and application crash) via a crafted file. (CVE-2016-10349)\n\nThe archive_read_format_cab_read_header function in\narchive_read_support_format_cab.c in libarchive 3.2.2 allows remote\nattackers to cause a denial of service (heap-based buffer over-read and\napplication crash) via a crafted file. (CVE-2016-10350)\n","modified":"2026-04-16T06:22:45.486450044Z","published":"2017-05-07T20:20:23Z","upstream":["CVE-2016-10209","CVE-2016-10349","CVE-2016-10350"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0132.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20723"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2017/05/01/12"}],"affected":[{"package":{"name":"libarchive","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libarchive?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.2-1.3.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0132.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}