CVE-2018-1000878 log

Severity High
Remote No
Type Arbitrary code execution
A use-after-free issue has been found in libarchive >= 3.1.0 and <=3.3.3, in the archive_read_format_rar_read_header() function in archive_read_support_format_rar.c. An attacker can use a specially crafted RAR file to cause the vulnerable function to free the buffer and allocate a new one, causing the ppmd7 decoder to continue reading from and writing to the freed buffer.
Group Package Affected Fixed Severity Status Ticket
AVG-837 libarchive 3.3.3-1 3.4.0-1 High Fixed
Date Advisory Group Package Severity Type
25 Jun 2019 ASA-201906-21 AVG-837 libarchive High multiple issues