Bug#: 185085
Status: RESOLVED
Resolution: DUPLICATE of bug 184984
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Roy Marples (RETIRED) <uberlord@gentoo.org>
Description:   Opened: 2007-07-12 17:09 0000
I.   Background

The libarchive library provides a flexible interface for reading and
writing streaming archive files such as tar and cpio, and has been the
basis for FreeBSD's implementation of the tar(1) utility since FreeBSD 5.3.

II.  Problem Description

Several problems have been found in the code used to parse the tar and
pax interchange formats.  These include entering an infinite loop if an
archive prematurely ends within a pax extension header or if certain
types of corruption occur in pax extension headers [CVE-2007-3644];
dereferencing a NULL pointer if an archive prematurely ends within a
tar header immediately following a pax extension header or if certain
other types of corruption occur in pax extension headers [CVE-2007-3645];
and miscomputing the length of a buffer resulting in a buffer overflow
if yet another type of corruption occurs in a pax extension header
[CVE-2007-3641].

III. Impact

An attacker who can cause a corrupt archive of his choice to be parsed
by libarchive, including by having "tar -x" (extract) or "tar -t" (list
entries) run on it, can cause libarchive to enter an infinite loop, to
core dump, or possibly to execute arbitrary code provided by the
attacker.

--------------------------

This is fixed in app-arch/libarchive-2.2.4 which is in portage now.
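
The failure modes listed in the problem description (no forward progress, premature end of input, a miscomputed length) can all be closed off at the point where a pax extended-header record is parsed. The following is an added example, not libarchive's code and not part of the original report: a bounds-checked parser for the POSIX pax record layout `<len> <key>=<value>\n`. The function names, result codes and the 1 MiB cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

enum { PAX_OK = 0, PAX_TRUNCATED = -1, PAX_MALFORMED = -2 };
#define PAX_MAX_RECORD (1u << 20)   /* assumed policy cap, not from the page */

struct pax_rec { const char *key, *val; size_t key_len, val_len; };

/* Parse one "<len> <key>=<value>\n" record from buf[0..n). <len> is the
 * decimal size of the whole record, counting its own digits. On PAX_OK,
 * *used >= 5, so a caller looping over records always advances. */
static int pax_parse_record(const char *buf, size_t n,
                            struct pax_rec *out, size_t *used)
{
    size_t i = 0, len = 0;
    const char *eq;

    while (i < n && buf[i] >= '0' && buf[i] <= '9') {
        if (len > PAX_MAX_RECORD) return PAX_MALFORMED;  /* stop before wrap */
        len = len * 10 + (size_t)(buf[i++] - '0');
    }
    if (i == n) return PAX_TRUNCATED;            /* input ended in the length */
    if (i == 0 || buf[i] != ' ') return PAX_MALFORMED;
    if (len < i + 4 || len > PAX_MAX_RECORD)     /* too short means no progress */
        return PAX_MALFORMED;
    if (len > n) return PAX_TRUNCATED;           /* archive ends mid-record */
    if (buf[len - 1] != '\n') return PAX_MALFORMED;
    eq = memchr(buf + i + 1, '=', len - i - 2);  /* search inside record only */
    if (eq == NULL || eq == buf + i + 1) return PAX_MALFORMED;  /* empty key */
    out->key = buf + i + 1;  out->key_len = (size_t)(eq - out->key);
    out->val = eq + 1;       out->val_len = (size_t)(buf + len - 1 - out->val);
    *used = len;
    return PAX_OK;
}

/* Walk a header block; returns the record count or a negative error code. */
static int pax_count_records(const char *buf, size_t n)
{
    struct pax_rec r;
    size_t used;
    int rc, count = 0;

    for (; n > 0; buf += used, n -= used, count++)
        if ((rc = pax_parse_record(buf, n, &r, &used)) != PAX_OK)
            return rc;
    return count;
}
```

The key and value are returned as pointer and length pairs into the input, so no destination buffer is sized from the attacker-controlled length field.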

------- Comment #1 From Diego E. 'Flameeyes' Pettenò 2007-07-12 17:10:54 0000 -------

*** This bug has been marked as a duplicate of bug 184984 ***
