CVE-2019-11463

Name of the Vulnerable Software and Affected Versions libarchive version 3.3.4-dev

Description A memory leak in the archive read format zip cleanup function in archive read support format zip.c allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE LZMA H typo. This issue only affects users who downloaded the development code from GitHub, while users of the product's official releases are unaffected.

Recommendations For libarchive version 3.3.4-dev, consider avoiding the use of the archive read format zip cleanup function until a fix is available. As a temporary workaround, restrict the handling of ZIP files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.