CVE-2016-5844

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-5844
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5844.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-5844
Downstream
Related
Published
2016-09-21T14:25:16Z
Modified
2025-10-15T08:16:12.582842Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.

References

Affected packages

Git / github.com/libarchive/libarchive

Affected ranges

Type
GIT
Repo
https://github.com/libarchive/libarchive
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v2.*

v2.6.0
v2.6.1
v2.6.2
v2.7.0
v2.7.1
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.5

v3.*

v3.0.0a
v3.0.1b
v3.0.2
v3.0.3
v3.0.4
v3.1.0
v3.1.1
v3.1.2
v3.1.900a
v3.1.901a
v3.2.0

Database specific

vanir_signatures

[
    {
        "digest": {
            "function_hash": "309817211665878327421998864817834101098",
            "length": 1894.0
        },
        "id": "CVE-2016-5844-551aa48b",
        "source": "https://github.com/libarchive/libarchive/commit/3ad08e01b4d253c66ae56414886089684155af22",
        "target": {
            "file": "libarchive/archive_read_support_format_iso9660.c",
            "function": "choose_volume"
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "287042840477540275625850996134666006298",
                "87990772638453445820226490349349017729",
                "312159165154221987531715771017557086519",
                "128458302336956338563818647561733167893",
                "22510921523173158530949685053004073533",
                "22022931925010635123919134066395979860",
                "104039671055020794243656096233377259206",
                "169900654792378509325950266459606794229"
            ]
        },
        "id": "CVE-2016-5844-ce79393a",
        "source": "https://github.com/libarchive/libarchive/commit/3ad08e01b4d253c66ae56414886089684155af22",
        "target": {
            "file": "libarchive/archive_read_support_format_iso9660.c"
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "deprecated": false
    }
]