CVE-2016-1541

Name of the Vulnerable Software and Affected Versions libarchive versions prior to 3.2.0

Description The issue is related to a heap-based buffer overflow in the zip read mac metadata function, which can be exploited by remote attackers via crafted entry-size values in a ZIP archive. This can allow an attacker to execute arbitrary code. The vulnerability exists due to incorrect determination of compressed file sizes in ZIP archives, enabling an attacker to place arbitrary code in a file header, which will be executed with the privileges of the current user during the unarchiving process.

Recommendations For versions prior to 3.2.0, update to version 3.2.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of ZIP archives from untrusted sources until the update is applied.