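CVE-2016-8687: A stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename. The signatures below cite libarchive commit e37b620fe8f14535d737e89a4dcabaed4517bf1a as their source and target tar/util.c: one line-level signature and one function-level signature for safe_fprintf.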
{ "vanir_signatures": [ { "source": "https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a", "deprecated": false, "signature_version": "v1", "signature_type": "Line", "digest": { "line_hashes": [ "274947236785517941576769110957933520277", "162673665667336708429251698339556414402", "30924440026046384237080647977686539477", "6762232481255207823455611895071712144" ], "threshold": 0.9 }, "id": "CVE-2016-8687-2b8436e1", "target": { "file": "tar/util.c" } }, { "source": "https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a", "deprecated": false, "signature_version": "v1", "signature_type": "Function", "digest": { "function_hash": "306124670893253162293110805501400168732", "length": 1454.0 }, "id": "CVE-2016-8687-f2b8937e", "target": { "file": "tar/util.c", "function": "safe_fprintf" } } ] }