Source: libarchive X-Debbugs-CC: [email protected] Severity: important Tags: security
Hi, The following vulnerabilities were published for libarchive. CVE-2024-48958[0]: | execute_filter_delta in archive_read_support_format_rar.c in | libarchive before 3.7.5 allows out-of-bounds access via a crafted | archive file because src can move beyond dst. https://github.com/libarchive/libarchive/pull/2148 https://github.com/libarchive/libarchive/commit/a1cb648d52f5b6d3f31184d9b6a7cbca628459b7 (v3.7.5) CVE-2024-48957[1]: | execute_filter_audio in archive_read_support_format_rar.c in | libarchive before 3.7.5 allows out-of-bounds access via a crafted | archive file because src can move beyond dst. https://github.com/libarchive/libarchive/pull/2149 https://github.com/libarchive/libarchive/commit/3006bc5d02ad3ae3c4f9274f60c1f9d2d834734b (v3.7.5) If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-48958 https://www.cve.org/CVERecord?id=CVE-2024-48958 [1] https://security-tracker.debian.org/tracker/CVE-2024-48957 https://www.cve.org/CVERecord?id=CVE-2024-48957 Please adjust the affected versions in the BTS as needed.
