A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (pz_log2_bs) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition.
{
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "bsdcpio",
"binary_version": "3.1.2-7ubuntu2.8+esm5"
},
{
"binary_name": "bsdtar",
"binary_version": "3.1.2-7ubuntu2.8+esm5"
},
{
"binary_name": "libarchive13",
"binary_version": "3.1.2-7ubuntu2.8+esm5"
}
]
}{
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "bsdcpio",
"binary_version": "3.1.2-11ubuntu0.16.04.8+esm3"
},
{
"binary_name": "bsdtar",
"binary_version": "3.1.2-11ubuntu0.16.04.8+esm3"
},
{
"binary_name": "libarchive13",
"binary_version": "3.1.2-11ubuntu0.16.04.8+esm3"
}
]
}{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "bsdcpio",
"binary_version": "3.2.2-3.1ubuntu0.7+esm3"
},
{
"binary_name": "bsdtar",
"binary_version": "3.2.2-3.1ubuntu0.7+esm3"
},
{
"binary_name": "libarchive-tools",
"binary_version": "3.2.2-3.1ubuntu0.7+esm3"
},
{
"binary_name": "libarchive13",
"binary_version": "3.2.2-3.1ubuntu0.7+esm3"
}
]
}