CVE-2010-4666

Name of the Vulnerable Software and Affected Versions libarchive versions prior to 3.1.2-r1

Description The issue concerns multiple vulnerabilities in the libarchive package, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. A buffer overflow vulnerability is present in libarchive 3.0 pre-release code, allowing remote attackers to cause a denial of service or possibly have other unspecified impacts via a crafted CAB file. This occurs due to improper handling of Huffman code data within LZX compressed data.

Recommendations For versions prior to 3.1.2-r1, update to version 3.1.2-r1 or later to resolve the issue. As a temporary workaround, consider restricting access to libarchive until a patch is available. Avoid using libarchive to handle untrusted or crafted CAB files until the issue is resolved.