INFSA-2023:2532: libarchive security update
Information about definition
Identifier: INFSA-2023:2532
Type: security
Release date: 2025-03-05 17:37:08 UTC
Information about package
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.
Vulnerabilities description
- CVE-2022-36227
A flaw was found in libarchive. A missing check of the return value of the calloc function can cause a NULL pointer dereference in an out-of-memory condition or when a memory allocation limit is reached, causing the program linked with libarchive to crash.
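The bug class described above, shown as an added example that is not libarchive's own code: an unchecked `calloc` result beside the checked form. `struct filter`, `limited_calloc`, `alloc_budget` and the function names are hypothetical, and the budget counter is a constructed stand-in for an out-of-memory condition or allocation limit.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical stand-in for a library object; not libarchive's real type. */
struct filter {
    int state;
    size_t bytes_written;
};

/* Constructed allocation limit: allocations allowed before calloc "fails". */
static int alloc_budget = 1;

/* Returns NULL once the budget is spent, like an OOM or a memory limit. */
static void *limited_calloc(size_t n, size_t size)
{
    if (alloc_budget <= 0)
        return NULL;
    alloc_budget--;
    return calloc(n, size);
}

/* Flawed pattern: the result is used without a check. With the budget
 * spent, f is NULL and the store below crashes the process. */
struct filter *filter_new_unchecked(void)
{
    struct filter *f = limited_calloc(1, sizeof(*f));
    f->state = 1;            /* NULL pointer dereference on failure */
    return f;
}

/* Checked form: the failure is reported to the caller instead. */
struct filter *filter_new_checked(void)
{
    struct filter *f = limited_calloc(1, sizeof(*f));
    if (f == NULL)
        return NULL;         /* caller must handle the error */
    f->state = 1;
    return f;
}

/* Returns 0 on success, -1 when allocation failed; never touches NULL. */
int open_filter(void)
{
    struct filter *f = filter_new_checked();
    if (f == NULL)
        return -1;
    free(f);
    return 0;
}
```

Driving the allocator to failure in a test, as the budget counter does here, is what exercises the error path that normal runs never reach.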
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2022-36227 | no information | 5.9 | no information |
Updated packages