CVE-2019-11463

Published: 4/23/2019 Last updated: 8/4/2024 Reserved: 4/22/2019

A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (1)

conf-cpio

Products affected (1)

Product	Vendor	Version
n/a	n/a	12.2.5

References (4)

https://github.com/libarchive/libarchive/issues/1165
https://github.com/libarchive/libarchive/commit/ba641f73f3d758d9032b3f0e5597a9c6e593a505
https://github.com/libarchive/libarchive/issues/1165
https://github.com/libarchive/libarchive/commit/ba641f73f3d758d9032b3f0e5597a9c6e593a505