Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.
References
Affected products
Matching in nixpkgs
pkgs.libarchive
Multi-format archive and compression library
pkgs.libarchive-qt
Qt based archiving solution with libarchive backend
pkgs.haskellPackages.libarchive
Haskell interface to libarchive
pkgs.kodiPackages.vfs-libarchive
LibArchive Virtual Filesystem add-on for Kodi
pkgs.perlPackages.ArchiveLibarchive
Modern Perl bindings to libarchive
pkgs.python312Packages.libarchive-c
Python interface to libarchive
pkgs.python313Packages.libarchive-c
Python interface to libarchive
pkgs.python314Packages.libarchive-c
Python interface to libarchive
pkgs.haskellPackages.libarchive-clib
Haskell interface to libarchive (C sources)
pkgs.perl5Packages.ArchiveLibarchive
Modern Perl bindings to libarchive
pkgs.perl538Packages.ArchiveLibarchive
Modern Perl bindings to libarchive
pkgs.perl540Packages.ArchiveLibarchive
Modern Perl bindings to libarchive
pkgs.haskellPackages.archive-libarchive
Common interface using libarchive
pkgs.haskellPackages.libarchive-conduit
Read many archive formats with libarchive and conduit
pkgs.perlPackages.ArchiveLibarchivePeek
Peek into archives without extracting them
pkgs.perlPackages.TestArchiveLibarchive
Testing tools for Archive::Libarchive
pkgs.perl5Packages.ArchiveLibarchivePeek
Peek into archives without extracting them
pkgs.perl5Packages.TestArchiveLibarchive
Testing tools for Archive::Libarchive
pkgs.perl538Packages.ArchiveLibarchivePeek
Peek into archives without extracting them
pkgs.perl538Packages.TestArchiveLibarchive
Testing tools for Archive::Libarchive
pkgs.perl540Packages.ArchiveLibarchivePeek
Peek into archives without extracting them
pkgs.perl540Packages.TestArchiveLibarchive
Testing tools for Archive::Libarchive
pkgs.perlPackages.ArchiveLibarchiveExtract
Archive extracting mechanism (using libarchive)
pkgs.perl5Packages.ArchiveLibarchiveExtract
Archive extracting mechanism (using libarchive)
pkgs.perl538Packages.ArchiveLibarchiveExtract
Archive extracting mechanism (using libarchive)
pkgs.perl540Packages.ArchiveLibarchiveExtract
Archive extracting mechanism (using libarchive)
pkgs.python312Packages.extractcode-libarchive
ScanCode Toolkit plugin to provide pre-built binary libraries and utilities and their locations
pkgs.python313Packages.extractcode-libarchive
ScanCode Toolkit plugin to provide pre-built binary libraries and utilities and their locations
pkgs.python314Packages.extractcode-libarchive
ScanCode Toolkit plugin to provide pre-built binary libraries and utilities and their locations
Package maintainers
-
@peterhoeg Peter Hoeg <peter@hoeg.com>
-
@nvmd Sergey Kazenyuk <kazenyuk@pm.me>
-
@dschrempf Dominik Schrempf <dominik.schrempf@gmail.com>
-
@minijackson Rémi Nicole <minijackson@riseup.net>
-
@sephalon Stefan Wiehler <me@sephalon.net>
-
@aanderse Aaron Andersen <aaron@fosslib.net>
-
@cpages Carles Pagès <page@ruiec.cat>
-
@edwtjo Edward Tjörnhammar <ed@cflags.cc>
-
@jcumming Jack Cummings <jack@mudshark.org>
-
@dan4ik605743 Danil Danevich <6057430gu@gmail.com>
-
@TomaSajt TomaSajt