Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.
[
{
"signature_version": "v1",
"target": {
"file": "tar/util.c"
},
"source": "https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a",
"digest": {
"line_hashes": [
"274947236785517941576769110957933520277",
"162673665667336708429251698339556414402",
"30924440026046384237080647977686539477",
"6762232481255207823455611895071712144"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2016-8687-2b8436e1",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"function": "safe_fprintf",
"file": "tar/util.c"
},
"source": "https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a",
"digest": {
"length": 1454.0,
"function_hash": "306124670893253162293110805501400168732"
},
"deprecated": false,
"id": "CVE-2016-8687-f2b8937e",
"signature_type": "Function"
}
]