CVE-2019-18408
Name
CVE-2019-18408
Description
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)
References

| Type | URI |
|---|---|
| Patch | https://github.com/libarchive/libarchive/commit/b8592ecba2f9e451e1f5cb7ab6dcee8b8e7b3f60 |
| Release Notes | https://github.com/libarchive/libarchive/compare/v3.3.3...v3.4.0 |
| Third Party Advisory | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14689 |
| Mailing List | https://lists.debian.org/debian-lts-announce/2019/10/msg00034.html |
| Third Party Advisory | https://usn.ubuntu.com/4169-1/ |
| DEBIAN | https://www.debian.org/security/2019/dsa-4557 |
| BUGTRAQ | https://seclists.org/bugtraq/2019/Nov/2 |
| CONFIRM | https://support.f5.com/csp/article/K52144175?utm_source=f5support&utm_medium=RSS |
| SUSE | http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00012.html |
| SUSE | http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html |
| REDHAT | https://access.redhat.com/errata/RHSA-2020:0203 |
| REDHAT | https://access.redhat.com/errata/RHSA-2020:0246 |
| REDHAT | https://access.redhat.com/errata/RHSA-2020:0271 |
| GENTOO | https://security.gentoo.org/glsa/202003-28 |
| FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6LZ4VJGTCYEJSDLOEWUUFG6TM4SUPFSY/ |
Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|