PT-2019-4148 · Libarchive+6 · Libarchive+6

Sanjeevk001

Published

2019-11-07

Updated

2026-04-02

CVE-2019-19221

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Libarchive version 3.4.0

Description The issue is related to an out-of-bounds read in the archive wstring append from mbs function in archive string.c. This occurs due to an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes when processing a crafted archive. The vulnerability may allow an attacker to read the contents of memory in the system using a specially crafted archive file.

Recommendations For Libarchive version 3.4.0, consider updating to a newer version to mitigate the risk, as the current version has an out-of-bounds read issue in the archive wstring append from mbs function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2020:4443

ALT-PU-2020-2870

ALT-PU-2020-2874

BDU:2019-04728

CESA-2020_4443

CVE-2019-19221

DLA-2987-1

DLA-3202-1

MGASA-2020-0127

OPENSUSE-SU-2024:10925-1

RHSA-2020:4443

RHSA-2020_4443

SUSE-SU-2021:3722-1

SUSE-SU-2021_3722-1

USN-4293-1

USN-8147-1

Affected Products

Alt Linux

Almalinux

Centos

Libarchive

Red Hat

Suse

Ubuntu

PT-2019-4148 · Libarchive+6 · Libarchive+6

CVE-2019-19221

Weakness Enumeration

Related Identifiers

Affected Products

References · 62