CVE-2018-1000877 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	No
Type	Arbitrary code execution
Description	A double-free issue has been found in libarchive >= 3.1.0 and <=3.3.3, in the parse_codes() function in archive_read_support_format_rar.c. An attacker can use a specially crafted RAR file to cause a call to realloc with a size of 0, effectively freeing the memory which will be freed again at a later time.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-837	libarchive	3.3.3-1	3.4.0-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
25 Jun 2019	ASA-201906-21	AVG-837	libarchive	High	multiple issues

References
https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909 https://github.com/libarchive/libarchive/pull/1105 https://github.com/libarchive/libarchive/commit/021efa522ad729ff0f5806c4ce53e4a6cc1daa31

References

https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909
https://github.com/libarchive/libarchive/pull/1105
https://github.com/libarchive/libarchive/commit/021efa522ad729ff0f5806c4ce53e4a6cc1daa31