[2.2] Vulnerability in libarchive allows remote code execution
A vulnerability has been found and corrected in libarchive:

Fabian Yamaguchi reported a read buffer overflow flaw in libarchive on 64-bit systems where sizeof(size_t) is equal to 8. In the archive_write_zip_data() function in libarchive/archive_write_set_format_zip.c, the "s" parameter is of type size_t (64 bit, unsigned) and is cast to a 64 bit signed integer. If "s" is larger than MAX_INT, it will not be set to "zip->remaining_data_bytes" even though it is larger than "zip->remaining_data_bytes", which leads to a buffer overflow when calling deflate(). This can lead to a segfault in an application that uses libarchive to create ZIP archives (CVE-2013-0211).

https://bugzilla.redhat.com/show_bug.cgi?id=902998
https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4.patch
(from redmine: issue id 1810, created on 2013-04-23, closed on 2013-04-25)
- Relations:
  - parent #1806 (closed)
- Changesets:
  - Revision 5a33772c by Natanael Copa on 2013-04-24T15:56:14Z:
    main/libarchive: security fix (CVE-2013-0211)
    fixes #1810
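
The signed-cast comparison described in the report, modelled next to an unsigned comparison. This is an added example, not libarchive code and not the upstream patch: the function names are hypothetical, and `uint64_t` stands in for `size_t` on the 64-bit systems the report concerns.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the length clamp; names are not from libarchive. */

/* Flawed form: the unsigned request is cast to a signed 64-bit integer.
 * A value above INT64_MAX becomes negative on two's-complement targets
 * (the conversion is implementation-defined in C), so the comparison is
 * false and the oversized length is passed on unclamped. */
static uint64_t clamp_signed_cast(uint64_t s, int64_t remaining)
{
    if ((int64_t)s > remaining)
        s = (uint64_t)remaining;
    return s;
}

/* Hardened form: compare in the unsigned domain, so every request larger
 * than the remaining byte count is reduced to it. A negative remaining
 * count is treated as zero. */
static uint64_t clamp_unsigned(uint64_t s, int64_t remaining)
{
    uint64_t rem = remaining > 0 ? (uint64_t)remaining : 0;
    if (s > rem)
        s = rem;
    return s;
}

int main(void)
{
    /* Constructed inputs: 100 bytes remain in the entry being written. */
    const int64_t remaining = 100;
    const uint64_t requests[] = { 50, 500, UINT64_MAX };

    for (size_t i = 0; i < sizeof(requests) / sizeof(requests[0]); i++) {
        printf("request=%llu signed-cast=%llu unsigned=%llu\n",
               (unsigned long long)requests[i],
               (unsigned long long)clamp_signed_cast(requests[i], remaining),
               (unsigned long long)clamp_unsigned(requests[i], remaining));
    }
    return 0;
}
```

A caller that passes -1 as the length reaches this path, because -1 converts to the largest unsigned value.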