Unknown · Libarchive · CVE-2022-26280
**Name of the Vulnerable Software and Affected Versions**
libarchive version 3.6.0
**Description**
The issue is an out-of-bounds read via the `zipx_lzma_alone_init()` function in the libarchive library. It can allow a remote attacker to disclose protected information or cause a denial of service. The underlying flaw is a read past the boundaries of a memory buffer.
**Recommendations**
For libarchive version 3.6.0, consider updating to a newer version that includes fixes for the out-of-bounds read issues, such as fixes for the 7zip reader, ZIP reader, ISO reader, and RARv4 reader. As a temporary workaround, consider restricting the use of the `zipx_lzma_alone_init()` function until a patch is available.
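One way to apply the temporary workaround in front of an unpatched reader is to reject ZIP input that requests LZMA before it reaches libarchive. The following is an added example, not code from libarchive or from this advisory. It assumes that `zipx_lzma_alone_init()` is only reached for ZIP entries with compression method 14 (LZMA), and all function names in it are hypothetical.

```python
import io
import struct
import zipfile

LOCAL_SIG = b"PK\x03\x04"    # local file header; method field at offset 8
CENTRAL_SIG = b"PK\x01\x02"  # central directory header; method at offset 10
ZIP_METHOD_LZMA = 14         # ZIP compression method id for LZMA (assumed trigger)


def lzma_entries(data: bytes):
    """Return sorted (offset, kind) pairs for every ZIP header declaring LZMA.
    Raw bytes are scanned instead of trusting the central directory: a
    streaming reader reads local headers, and the two can disagree.
    Conservative: a signature inside entry data can cause a false positive.
    """
    hits = []
    for sig, method_off, kind in ((LOCAL_SIG, 8, "local"),
                                  (CENTRAL_SIG, 10, "central")):
        pos = data.find(sig)
        while pos != -1:
            field = data[pos + method_off:pos + method_off + 2]
            if len(field) == 2 and struct.unpack("<H", field)[0] == ZIP_METHOD_LZMA:
                hits.append((pos, kind))
            pos = data.find(sig, pos + 1)
    return sorted(hits)


def safe_for_affected_reader(data: bytes) -> bool:
    """True if no header requests LZMA, so the archive may be passed on."""
    return not lzma_entries(data)


def constructed_zip() -> bytes:
    """Constructed sample: one stored entry, built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("hello.txt", b"constructed sample data")
    return buf.getvalue()


def with_local_method(data: bytes, method: int) -> bytes:
    """Constructed variant: rewrite only the first local header's method."""
    pos = data.find(LOCAL_SIG)
    return data[:pos + 8] + struct.pack("<H", method) + data[pos + 10:]


if __name__ == "__main__":
    patched = with_local_method(constructed_zip(), ZIP_METHOD_LZMA)
    print("accepted:", safe_for_affected_reader(patched), lzma_entries(patched))
```

In the constructed variant the central directory still reports a stored entry, so a filter that only consults the central directory would let it through; the raw header scan flags it.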