CVE-2024-48957

Name

CVE-2024-48957

Description

execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
	https://github.com/libarchive/libarchive/pull/2149
	https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5
cve@mitre.org	https://github.com/terrynini/CVE-Reports/blob/main/CVE-2024-48957/README.md

CPE URI	Source package	Min version	Max version
	n/a	== n/a	== n/a
`cpe:2.3:a:libarchive:libarchive::::::::`	libarchive	>= 0	< 3.7.5
`cpe:2.3:a:libarchive:libarchive::::::::`	libarchive	>= 3.6.0	< 3.7.5

References

Match rules

Vulnerable and fixed packages