[3.5] libarchive: Out of bounds read in lha_read_file_header_1() function (CVE-2017-5601)
The vulnerability is caused by an error in the “lha_read_file_header_1()” function (archive_read_support_format_lha.c), which can be exploited to trigger an out-of-bounds read memory access via a specially crafted archive.
Affected versions:
libarchive version 3.2.2.
Other versions may also be affected.
Reference:
https://secunia.com/secunia_research/2017-3/
Patch:
https://github.com/libarchive/libarchive/commit/98dcbbf0bf4854bf987557e55e55fff7abbf3ea9
(from redmine: issue id 6791, created on 2017-02-01, closed on 2017-02-02)
- Relations:
  - parent #6789 (closed)
- Changesets:
  - Revision 238237da by Sergei Lukin on 2017-02-01T13:19:51Z:
    main/libarchive: security fixes #6791
    CVE-2017-5601: Out of bounds read in lha_read_file_header_1() function