CVE-2015-8916

Name of the Vulnerable Software and Affected Versions libarchive versions prior to 3.2.0

Description The issue allows remote attackers to cause a denial of service, resulting in a crash due to a NULL pointer dereference, by providing a crafted RAR file that is a split file in a multivolume RAR archive. This occurs because the software returns a success code without filling the entry when encountering such a header.

Recommendations For versions prior to 3.2.0, update to version 3.2.0 or later to resolve the issue. As a temporary workaround, consider restricting the processing of multivolume RAR archives to minimize the risk of exploitation.