Libarchive: libarchive: denial of service via malformed iso file processing
A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition.
References
Affected products
Matching in nixpkgs
pkgs.libarchive
Multi-format archive and compression library
pkgs.libarchive-qt
Qt based archiving solution with libarchive backend
pkgs.haskellPackages.libarchive
Haskell interface to libarchive
pkgs.kodiPackages.vfs-libarchive
LibArchive Virtual Filesystem add-on for Kodi
pkgs.perlPackages.ArchiveLibarchive
Modern Perl bindings to libarchive
pkgs.python312Packages.libarchive-c
Python interface to libarchive
pkgs.python313Packages.libarchive-c
Python interface to libarchive
pkgs.python314Packages.libarchive-c
Python interface to libarchive
pkgs.haskellPackages.libarchive-clib
Haskell interface to libarchive (C sources)
pkgs.perl5Packages.ArchiveLibarchive
Modern Perl bindings to libarchive
pkgs.perl538Packages.ArchiveLibarchive
Modern Perl bindings to libarchive
pkgs.perl540Packages.ArchiveLibarchive
Modern Perl bindings to libarchive
pkgs.haskellPackages.archive-libarchive
Common interface using libarchive
pkgs.haskellPackages.libarchive-conduit
Read many archive formats with libarchive and conduit
pkgs.perlPackages.ArchiveLibarchivePeek
Peek into archives without extracting them
pkgs.perlPackages.TestArchiveLibarchive
Testing tools for Archive::Libarchive
pkgs.perl5Packages.ArchiveLibarchivePeek
Peek into archives without extracting them
pkgs.perl5Packages.TestArchiveLibarchive
Testing tools for Archive::Libarchive
pkgs.perl538Packages.ArchiveLibarchivePeek
Peek into archives without extracting them
pkgs.perl538Packages.TestArchiveLibarchive
Testing tools for Archive::Libarchive
pkgs.perl540Packages.ArchiveLibarchivePeek
Peek into archives without extracting them
pkgs.perl540Packages.TestArchiveLibarchive
Testing tools for Archive::Libarchive
pkgs.perlPackages.ArchiveLibarchiveExtract
Archive extracting mechanism (using libarchive)
pkgs.perl5Packages.ArchiveLibarchiveExtract
Archive extracting mechanism (using libarchive)
pkgs.perl538Packages.ArchiveLibarchiveExtract
Archive extracting mechanism (using libarchive)
pkgs.perl540Packages.ArchiveLibarchiveExtract
Archive extracting mechanism (using libarchive)
pkgs.python312Packages.extractcode-libarchive
ScanCode Toolkit plugin to provide pre-built binary libraries and utilities and their locations
pkgs.python313Packages.extractcode-libarchive
ScanCode Toolkit plugin to provide pre-built binary libraries and utilities and their locations
pkgs.python314Packages.extractcode-libarchive
ScanCode Toolkit plugin to provide pre-built binary libraries and utilities and their locations
Package maintainers
-
@peterhoeg Peter Hoeg <peter@hoeg.com>
-
@nvmd Sergey Kazenyuk <kazenyuk@pm.me>
-
@dschrempf Dominik Schrempf <dominik.schrempf@gmail.com>
-
@minijackson Rémi Nicole <minijackson@riseup.net>
-
@sephalon Stefan Wiehler <me@sephalon.net>
-
@aanderse Aaron Andersen <aaron@fosslib.net>
-
@cpages Carles Pagès <page@ruiec.cat>
-
@edwtjo Edward Tjörnhammar <ed@cflags.cc>
-
@jcumming Jack Cummings <jack@mudshark.org>
-
@dan4ik605743 Danil Danevich <6057430gu@gmail.com>
-
@TomaSajt TomaSajt