Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.
[ { "digest": { "function_hash": "309817211665878327421998864817834101098", "length": 1894.0 }, "id": "CVE-2016-5844-551aa48b", "source": "https://github.com/libarchive/libarchive/commit/3ad08e01b4d253c66ae56414886089684155af22", "target": { "file": "libarchive/archive_read_support_format_iso9660.c", "function": "choose_volume" }, "signature_version": "v1", "signature_type": "Function", "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "287042840477540275625850996134666006298", "87990772638453445820226490349349017729", "312159165154221987531715771017557086519", "128458302336956338563818647561733167893", "22510921523173158530949685053004073533", "22022931925010635123919134066395979860", "104039671055020794243656096233377259206", "169900654792378509325950266459606794229" ] }, "id": "CVE-2016-5844-ce79393a", "source": "https://github.com/libarchive/libarchive/commit/3ad08e01b4d253c66ae56414886089684155af22", "target": { "file": "libarchive/archive_read_support_format_iso9660.c" }, "signature_version": "v1", "signature_type": "Line", "deprecated": false } ]