PT-2011-1108 · Libarchive

Published: 2011-12-01 · Updated: 2018-01-10 · CVE-2011-1777

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

libarchive versions 2.8.3 through 2.8.5
libarchive versions prior to 3.1.2-r1

Description

Multiple buffer overflows in the heap_add_entry and relocate_dir functions in archive_read_support_format_iso9660.c can be exploited remotely to cause a denial of service or possibly execute arbitrary code via a crafted ISO9660 image. This can compromise the confidentiality, integrity, and availability of protected information.

Recommendations

For libarchive versions 2.8.3 through 2.8.5, update to a version later than 2.8.5.
For libarchive versions prior to 3.1.2-r1, update to version 3.1.2-r1 or later.
As a temporary workaround, consider restricting access to crafted ISO9660 images to minimize the risk of exploitation.

Fix · DoS · Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2015-06301
BDU:2015-06302
BDU:2015-06303
BDU:2015-09697
CVE-2011-1777
DSA-2413-1
RHSA-2011:1507
RHSA-2011_1507

Affected Products

Red Hat
Libarchive