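An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds memory read and subsequently cause a crash via a specially crafted archive. The signatures below target that function and file, and cite upstream commit 98dcbbf0bf4854bf987557e55e55fff7abbf3ea9 as their source.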
{ "vanir_signatures": [ { "id": "CVE-2017-5601-0c9a258d", "digest": { "length": 1651.0, "function_hash": "336704226165769747464089933487872960037" }, "signature_type": "Function", "target": { "file": "libarchive/archive_read_support_format_lha.c", "function": "lha_read_file_header_1" }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/libarchive/libarchive/commit/98dcbbf0bf4854bf987557e55e55fff7abbf3ea9" }, { "id": "CVE-2017-5601-864d99df", "digest": { "threshold": 0.9, "line_hashes": [ "154933373695779527317611311915132494466", "42771799760974896591912558998750698051", "84107349244644041201078345399127083101" ] }, "signature_type": "Line", "target": { "file": "libarchive/archive_read_support_format_lha.c" }, "deprecated": false, "signature_version": "v1", "source": "https://github.com/libarchive/libarchive/commit/98dcbbf0bf4854bf987557e55e55fff7abbf3ea9" } ] }