CVE-2007-3645

Name of the Vulnerable Software and Affected Versions: libarchive versions prior to 2.2.4

Description: The issue allows user-assisted remote attackers to cause a denial of service via specific conditions in tar headers or malformed pax extension headers in PAX or TAR archives, resulting in a NULL pointer dereference. Multiple vulnerabilities in the libarchive package can lead to violations of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely.

Recommendations: For versions prior to 2.2.4, update to version 2.2.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of libarchive functions that handle tar and pax headers until a patch is available. Avoid using the archive read support format tar function in archive read support format tar.c until the issue is resolved.