Daxtens

**Name of the Vulnerable Software and Affected Versions** libarchive versions 3.0.2 and later **Description** The issue is related to an out-of-bounds read in the libarchive library, specifically in the 7zip decompression functionality. This can be exploited by a remote attacker using a specially crafted 7zip file, potentially leading to a denial of service. The vulnerable function is located in archive read support format 7zip.c, specifically in the `header bytes()` function. **Recommendations** For libarchive versions 3.0.2 and later, consider avoiding the use of the 7zip decompression feature until a patch is available. As a temporary workaround, restrict access to specially crafted 7zip files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** libarchive versions v2.8.0 onwards **Description** The issue is related to an infinite loop in the ISO9660 parser, specifically in the `read CE()` and `parse rockridge()` functions within the `archive read support format iso9660.c` file. This can result in a denial of service (DoS) when a victim opens a specially crafted ISO9660 file. The vulnerability is also described as a buffer memory read issue that can be exploited by a remote attacker using a specially crafted ISO9660 file to cause a denial of service. **Recommendations** For libarchive versions v2.8.0 onwards, update to a version that includes a fix for the infinite loop issue in the ISO9660 parser. As a temporary workaround, consider restricting access to specially crafted ISO9660 files to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: libarchive versions commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) Description: The issue is related to a NULL pointer dereference in the `archive acl from text l()` function of the libarchive library. This can be exploited by a remote attacker using a specially crafted archive file, potentially leading to a denial of service. The exploitation requires the victim to open the malicious archive. Recommendations: For libarchive versions commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards), consider avoiding the use of the `archive acl from text l()` function until a patch is available. As a temporary workaround, restrict access to specially crafted archive files to minimize the risk of exploitation.