archivereadformatrarreaddata in archivereadsupportformatrar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVEFAILED situation, related to Ppmd7_DecodeSymbol.
[ { "signature_version": "v1", "deprecated": false, "source": "https://github.com/libarchive/libarchive/commit/b8592ecba2f9e451e1f5cb7ab6dcee8b8e7b3f60", "signature_type": "Line", "target": { "file": "libarchive/archive_read_support_format_rar.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "13530669440819548829446001627315510983", "30206279959829505410740378601657428285", "258630186411923425322575083560185010329", "104342156800089152430308786258263019379", "14505537362856709045373209306677344244" ] }, "id": "CVE-2019-18408-6384e45e" }, { "signature_version": "v1", "deprecated": false, "source": "https://github.com/libarchive/libarchive/commit/b8592ecba2f9e451e1f5cb7ab6dcee8b8e7b3f60", "signature_type": "Function", "target": { "function": "archive_read_format_rar_read_data", "file": "libarchive/archive_read_support_format_rar.c" }, "digest": { "function_hash": "154621412525457028729577760007049177315", "length": 1230.0 }, "id": "CVE-2019-18408-f9458321" } ]