CVE-2011-1777

Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
VendorProductVersion
freebsdlibarchive
𝑥
≤ 2.8.5
freebsdlibarchive
2.0
freebsdlibarchive
2.1
freebsdlibarchive
2.2
freebsdlibarchive
2.2.3
freebsdlibarchive
2.3
freebsdlibarchive
2.4
freebsdlibarchive
2.5
freebsdlibarchive
2.6
freebsdlibarchive
2.6.1
freebsdlibarchive
2.6.2
freebsdlibarchive
2.7.0
freebsdlibarchive
2.7.1
freebsdlibarchive
2.8.0
freebsdlibarchive
2.8.1
freebsdlibarchive
2.8.2
freebsdlibarchive
2.8.3
freebsdlibarchive
2.8.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libarchive
bullseye
3.4.3-2+deb11u1
fixed
bookworm
3.6.2-1+deb12u1
fixed
bookworm (security)
3.6.2-1+deb12u1
fixed
trixie
3.7.4-1
fixed
sid
3.7.4-1.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libarchive
oneiric
Fixed 2.8.4-1ubuntu0.11.10.1
released
natty
Fixed 2.8.4-1ubuntu0.11.04.1
released
maverick
Fixed 2.8.4-1ubuntu0.10.10.1
released
lucid
Fixed 2.8.0-2ubuntu0.1
released
hardy
ignored
Common Weakness Enumeration
References
http://code.google.com/p/libarchive/source/detail?r=3158
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://secunia.com/advisories/48034
http://support.apple.com/kb/HT5281
http://www.debian.org/security/2012/dsa-2413
https://bugzilla.redhat.com/show_bug.cgi?id=705849
https://rhn.redhat.com/errata/RHSA-2011-1507.html
http://code.google.com/p/libarchive/source/detail?r=3158
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://secunia.com/advisories/48034
http://support.apple.com/kb/HT5281
http://www.debian.org/security/2012/dsa-2413
https://bugzilla.redhat.com/show_bug.cgi?id=705849
https://rhn.redhat.com/errata/RHSA-2011-1507.html