Security Affairs

Security issues in Libarchive file compression library affect hundreds of projects

Experts from Cisco Talos discovered multiple security issues in the Libarchive library that is used by hundreds of other projects, including FreeBSD.

Security vulnerabilities in the popular open source compression toolkit Libarchive affect countless other projects that include the library.

The flaws were discovered by experts from the Cisco Talos team, who supported the Libarchive development team in resolving the issues.

The library was created in 2004 for the FreeBSD project, but it is currently adopted by various file compression utilities and other popular projects, including Linux Debian.

The experts from the Cisco Talos team have detailed the series of security issues that affect the library, explaining that they are quite easy to exploit using a specially crafted ZIP file.

It is sufficient for software that includes the open source compression library to open the malicious compressed archive.

Below is the list of flaws in Libarchive discovered by the Talos group:

TALOS-2016-0152 [CVE-2016-4300]:
7-ZIP READ_SUBSTREAMSINFO INTEGER OVERFLOW

It is a heap overflow vulnerability that resides in the 7zip read_SubStreamsInfo functionality of libarchive. An attacker can trigger an integer overflow with a specially crafted 7zip archive, resulting in memory corruption that allows arbitrary code execution.

TALOS-2016-0153 [CVE-2016-4301]:
MTREE PARSE_DEVICE STACK BASED BUFFER OVERFLOW

It is an exploitable stack-based buffer overflow vulnerability that exists in the mtree parse_device functionality of libarchive. In this case, a specially crafted mtree file can trigger a buffer overflow, causing memory corruption or code execution.

TALOS-2016-0154 [CVE-2016-4302]:
LIBARCHIVE RAR RESTARTMODEL HEAP OVERFLOW

It is a heap overflow vulnerability in the Rar decompression functionality of the library. An attacker can trigger it with a specially crafted Rar file, causing heap corruption; sending a malformed file to the target is enough to trigger the vulnerability.

Cisco confirmed that all the security vulnerabilities have already been fixed, but there is a risk that a large number of products that rely on Libarchive will take time to include the latest version of the library (v3.2.1).
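As a first-pass check for the lagging installs described above, the following added example (not code from Cisco Talos or the Libarchive project) classifies version banners against the fixed release 3.2.1. It assumes banners in the style printed by `bsdtar --version`; the function names and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag libarchive builds older than the fixed release.
FIXED_VERSION="3.2.1"   # version the article names as containing the fixes

# Pull the libarchive version out of a version banner (assumed format:
# "bsdtar 3.1.2 - libarchive 3.1.2 ..."). Prints nothing if not found.
libarchive_version() {
    printf '%s\n' "$1" | sed -n 's/.*libarchive \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeed if dotted version $1 >= $2, comparing major, minor, patch as numbers.
version_ge() {
    for vg_i in 1 2 3; do
        # Trailing ".." guarantees three fields even for short versions like "3.2".
        vg_a=$(printf '%s..\n' "$1" | cut -d. -f"$vg_i")
        vg_b=$(printf '%s..\n' "$2" | cut -d. -f"$vg_i")
        if [ "${vg_a:-0}" -gt "${vg_b:-0}" ]; then return 0; fi
        if [ "${vg_a:-0}" -lt "${vg_b:-0}" ]; then return 1; fi
    done
    return 0
}

# Print "patched <v>", "outdated <v>" or "unknown" for one banner line.
classify_banner() {
    cb_v=$(libarchive_version "$1")
    if [ -z "$cb_v" ]; then
        echo "unknown"
    elif version_ge "$cb_v" "$FIXED_VERSION"; then
        echo "patched $cb_v"
    else
        echo "outdated $cb_v"
    fi
}

# Constructed sample banners (not captured from real hosts); on a live
# system the input would be: classify_banner "$(bsdtar --version)"
while IFS= read -r banner; do
    printf '%-16s <- %s\n' "$(classify_banner "$banner")" "$banner"
done <<'EOF'
bsdtar 3.1.2 - libarchive 3.1.2
bsdtar 3.2.1 - libarchive 3.2.1 zlib/1.2.8
bsdtar 3.10.0 - libarchive 3.10.0
tar (GNU tar) 1.29
EOF
```

A version string is only a starting point: distributions may backport fixes without changing the upstream version number, and products that bundle their own copy of the library will not show up in a system-wide `bsdtar` check.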

Pierluigi Paganini

(Security Affairs – open source compression toolkit, hacking)