CVE-2011-1777

EUVD-2011-1775
Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
freebsdlibarchive
𝑥
≤ 2.8.5
freebsdlibarchive
2.0
freebsdlibarchive
2.1
freebsdlibarchive
2.2
freebsdlibarchive
2.2.3
freebsdlibarchive
2.3
freebsdlibarchive
2.4
freebsdlibarchive
2.5
freebsdlibarchive
2.6
freebsdlibarchive
2.6.1
freebsdlibarchive
2.6.2
freebsdlibarchive
2.7.0
freebsdlibarchive
2.7.1
freebsdlibarchive
2.8.0
freebsdlibarchive
2.8.1
freebsdlibarchive
2.8.2
freebsdlibarchive
2.8.3
freebsdlibarchive
2.8.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libarchive
bookworm
3.6.2-1+deb12u1
fixed
bookworm (security)
3.6.2-1+deb12u1
fixed
bullseye
3.4.3-2+deb11u1
fixed
sid
3.7.4-1.1
fixed
trixie
3.7.4-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libarchive
hardy
ignored
lucid
Fixed 2.8.0-2ubuntu0.1
released
maverick
Fixed 2.8.4-1ubuntu0.10.10.1
released
natty
Fixed 2.8.4-1ubuntu0.11.04.1
released
oneiric
Fixed 2.8.4-1ubuntu0.11.10.1
released
Common Weakness Enumeration
References
http://code.google.com/p/libarchive/source/detail?r=3158
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://secunia.com/advisories/48034
http://support.apple.com/kb/HT5281
http://www.debian.org/security/2012/dsa-2413
https://bugzilla.redhat.com/show_bug.cgi?id=705849
https://rhn.redhat.com/errata/RHSA-2011-1507.html
http://code.google.com/p/libarchive/source/detail?r=3158
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://secunia.com/advisories/48034
http://support.apple.com/kb/HT5281
http://www.debian.org/security/2012/dsa-2413
https://bugzilla.redhat.com/show_bug.cgi?id=705849
https://rhn.redhat.com/errata/RHSA-2011-1507.html