CVE-2019-19221

Published: Nov 21, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/libarchive/libarchive/issues/1276

https://github.com/libarchive/libarchive/commit/22b1db9d46654afc6f0c28f90af8cdc84a199f41

FEDORA-2020-235688c222

vendor-advisory

USN-4293-1

vendor-advisory

[debian-lts-announce] 20220430 [SECURITY] [DLA 2987-1] libarchive security update

mailing-list

[debian-lts-announce] 20221122 [SECURITY] [DLA 3202-1] libarchive security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-19221

Description

Affected Products

References