libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archivereadsupportformatwarc.c, warcread() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "binary_version": "3.2.2-3.1ubuntu0.2", "binary_name": "bsdcpio" }, { "binary_version": "3.2.2-3.1ubuntu0.2", "binary_name": "bsdtar" }, { "binary_version": "3.2.2-3.1ubuntu0.2", "binary_name": "libarchive-dev" }, { "binary_version": "3.2.2-3.1ubuntu0.2", "binary_name": "libarchive-tools" }, { "binary_version": "3.2.2-3.1ubuntu0.2", "binary_name": "libarchive-tools-dbgsym" }, { "binary_version": "3.2.2-3.1ubuntu0.2", "binary_name": "libarchive13" }, { "binary_version": "3.2.2-3.1ubuntu0.2", "binary_name": "libarchive13-dbgsym" } ] }