CVE-2011-1777medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image.
References
http://code.google.com/p/libarchive/source/detail?r=3158
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://secunia.com/advisories/48034
http://support.apple.com/kb/HT5281
http://www.debian.org/security/2012/dsa-2413
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:freebsd:libarchive:2.0:*:*:*:*:*:*:*
cpe:2.3:a:freebsd:libarchive:2.1:*:*:*:*:*:*:*
cpe:2.3:a:freebsd:libarchive:2.2:*:*:*:*:*:*:*
cpe:2.3:a:freebsd:libarchive:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:freebsd:libarchive:2.3:*:*:*:*:*:*:*
cpe:2.3:a:freebsd:libarchive:2.4:*:*:*:*:*:*:*
cpe:2.3:a:freebsd:libarchive:2.5:*:*:*:*:*:*:*
cpe:2.3:a:freebsd:libarchive:2.6:*:*:*:*:*:*:*
cpe:2.3:a:freebsd:libarchive:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:freebsd:libarchive:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:freebsd:libarchive:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:freebsd:libarchive:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:freebsd:libarchive:2.8.0:*:*:*:*:*:*:*
cpe:2.3:a:freebsd:libarchive:2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:freebsd:libarchive:2.8.2:*:*:*:*:*:*:*
cpe:2.3:a:freebsd:libarchive:2.8.3:*:*:*:*:*:*:*
cpe:2.3:a:freebsd:libarchive:2.8.4:*:*:*:*:*:*:*
cpe:2.3:a:freebsd:libarchive:*:*:*:*:*:*:*:* versions up to 2.8.5 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 74259 | GLSA-201406-02 : libarchive: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 68396 | Oracle Linux 6 : libarchive (ELSA-2011-1507) | Nessus | Oracle Linux Local Security Checks | medium |
| 6482 | Mac OS X 10.7 < 10.7.4 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 59067 | Mac OS X Multiple Vulnerabilities (Security Update 2012-002) (BEAST) | Nessus | MacOS X Local Security Checks | critical |
| 59066 | Mac OS X 10.7.x < 10.7.4 Multiple Vulnerabilities (BEAST) | Nessus | MacOS X Local Security Checks | critical |
| 58043 | Debian DSA-2413-1 : libarchive - buffer overflows | Nessus | Debian Local Security Checks | medium |
| 57341 | Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : libarchive vulnerabilities (USN-1310-1) | Nessus | Ubuntu Local Security Checks | medium |
| 57332 | Mandriva Linux Security Advisory : libarchive (MDVSA-2011:190) | Nessus | Mandriva Local Security Checks | medium |
| 56990 | RHEL 6 : libarchive (RHSA-2011:1507) | Nessus | Red Hat Local Security Checks | medium |