Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 582526 (CVE-2016-1541) - <app-arch/libarchive-3.1.2-r5: heap-based buffer overflow due to improper input validation (CVE-2016-1541)
Summary: <app-arch/libarchive-3.1.2-r5: heap-based buffer overflow due to improper inp...
Alias: CVE-2016-1541
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
Whiteboard: A2 [glsa cve]
Depends on: CVE-2015-8916, CVE-2015-8917, CVE-2015-8918, CVE-2015-8919, CVE-2015-8920, CVE-2015-8921, CVE-2015-8922, CVE-2015-8923, CVE-2015-8924, CVE-2015-8925, CVE-2015-8926, CVE-2015-8927, CVE-2015-8928, CVE-2015-8929, CVE-2015-8930, CVE-2015-8931, CVE-2015-8932, CVE-2015-8933, CVE-2015-8934
  Show dependency tree
Reported: 2016-05-09 09:36 UTC by Agostino Sarubbo
Modified: 2017-01-01 14:34 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2016-05-09 09:36:58 UTC
From ${URL} :

A vulnerability was found in libarchive. A crafted zip file can provide an incorrect compressed size, which may allow an attacker to place arbitrary code on the heap and execute it in the context of the current user. The user must be coerced into unzipping the 
crafted zip file.

External references:

Upstream fix:

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Adam Feldman gentoo-dev 2016-05-11 04:03:44 UTC
Resolved by revbump to 3.1.2-r5 in 0001631411acdce8a01050c8ff0295825cca626c.

Was going to vbump, but since upstream made their first release since 2013 despite active development, a vbump is too much work to expeditiously handle this bug.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2016-06-27 12:45:28 UTC
CVE-2016-1541 (
  Heap-based buffer overflow in the zip_read_mac_metadata function in
  archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote
  attackers to execute arbitrary code via crafted entry-size values in a ZIP
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2016-06-27 12:49:37 UTC
Added to existing GLSA request.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2017-01-01 14:34:28 UTC
This issue was resolved and addressed in
 GLSA 201701-03 at
by GLSA coordinator Thomas Deutschmann (whissi).