CVE-2016-1541
Public on 2016-05-07
Modified on 2016-09-27
Description
A vulnerability was found in libarchive. A specially crafted zip file can provide an incorrect compressed size, which may allow an attacker to place arbitrary code on the heap and execute it in the context of the application.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | libarchive | 2016-09-27 | ALAS-2016-743 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv2 | 6.0 | AV:N/AC:M/Au:S/C:P/I:P/A:P |
| Amazon Linux | CVSSv3 | 8.4 | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L |
| NVD | CVSSv2 | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| NVD | CVSSv3 | 8.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |