PT-2012-1166 · Libarchive · Libarchive

Vincent Danen · Published 2012-04-13 · Updated 2014-06-01 · CVE-2011-1779

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

libarchive versions prior to 3.1.2-r1
libarchive versions 2.8.4 and 2.8.5

Description

The issue concerns multiple vulnerabilities in the libarchive package, which can be exploited remotely. This exploitation may lead to a disruption in the confidentiality, integrity, and availability of protected information. Specifically, use-after-free vulnerabilities in certain versions of libarchive allow remote attackers to cause a denial of service, potentially leading to an application crash, via crafted archives or images, such as TAR archives or ISO9660 images.

Recommendations

For libarchive versions prior to 3.1.2-r1, update to version 3.1.2-r1 or later to resolve the issue. For libarchive versions 2.8.4 and 2.8.5, consider disabling the use of crafted archives or images until a patch is available. Restrict access to vulnerable functions or modules to minimize the risk of exploitation.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2015-09697
CVE-2011-1779

Affected Products

Libarchive