CVE-2019-1000020 log

Source
Severity Medium
Remote No
Type Denial of service
Description
libarchive version >=v2.8.0 contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.
Group Package Affected Fixed Severity Status Ticket
AVG-837 libarchive 3.3.3-1 3.4.0-1 High Fixed
Date Advisory Group Package Severity Description
25 Jun 2019 ASA-201906-21 AVG-837 libarchive High multiple issues
References
https://github.com/libarchive/libarchive/pull/1120
https://github.com/libarchive/libarchive/pull/1120/commits/8312eaa576014cd9b965012af51bc1f967b12423