A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected.
References
| Link | Resource |
|---|---|
| https://github.com/libarchive/libarchive/commit/ba641f73f3d758d9032b3f0e5597a9c6e593a505 | Patch Third Party Advisory |
| https://github.com/libarchive/libarchive/issues/1165 | Exploit Third Party Advisory |
| https://access.redhat.com/security/cve/cve-2019-11463 | Third Party Advisory |
| https://github.com/libarchive/libarchive/commit/ba641f73f3d758d9032b3f0e5597a9c6e593a505 | Patch Third Party Advisory |
| https://github.com/libarchive/libarchive/issues/1165 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 04:21
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/libarchive/libarchive/commit/ba641f73f3d758d9032b3f0e5597a9c6e593a505 - Patch, Third Party Advisory | |
| References | () https://github.com/libarchive/libarchive/issues/1165 - Exploit, Third Party Advisory |
Information
Published : 2019-04-23 03:29
Updated : 2024-11-21 04:21
NVD link : CVE-2019-11463
Mitre link : CVE-2019-11463
CVE.ORG link : CVE-2019-11463
JSON object : View
Products Affected
libarchive
- libarchive
CWE
CWE-401
Missing Release of Memory after Effective Lifetime