Package details: pkg:deb/debian/libarchive@2.4.17-2
purl pkg:deb/debian/libarchive@2.4.17-2
Next non-vulnerable version 3.3.3-4+deb10u1
Latest non-vulnerable version 3.3.3-4+deb10u1
Risk 4.0
Vulnerabilities affecting this package (12)
Vulnerability Summary Fixed by
VCID-4hvy-whmq-53ft
Aliases:
CVE-2015-8928
The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.
3.1.2-11+deb8u3~bpo70+1
Affected by 7 other vulnerabilities.
VCID-4t89-41bc-3ba8
Aliases:
CVE-2019-1000020
multiple issues
3.3.3-4+deb10u1
Affected by 0 other vulnerabilities.
VCID-fj5z-72gm-1yhx
Aliases:
CVE-2015-2304
Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.
3.0.4-3+wheezy1
Affected by 11 other vulnerabilities.
VCID-g5gx-6cyn-wkda
Aliases:
CVE-2016-5418
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.
3.1.2-11+deb8u3
Affected by 6 other vulnerabilities.
VCID-gu6c-aam9-9bfs
Aliases:
CVE-2018-1000877
multiple issues
3.2.2-2+deb9u2
Affected by 6 other vulnerabilities.
3.3.3-4+deb10u1
Affected by 0 other vulnerabilities.
VCID-gue4-gwmq-cud9
Aliases:
CVE-2019-1000019
multiple issues
3.3.3-4+deb10u1
Affected by 0 other vulnerabilities.
VCID-hxfa-y27q-ebbd
Aliases:
CVE-2015-8931
Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.
3.1.2-11+deb8u3~bpo70+1
Affected by 7 other vulnerabilities.
VCID-jpyc-ymx3-uuhh
Aliases:
CVE-2018-1000879
multiple issues
3.3.3-4+deb10u1
Affected by 0 other vulnerabilities.
VCID-k2jw-vx9c-1bg3
Aliases:
CVE-2018-1000878
multiple issues
3.2.2-2+deb9u2
Affected by 6 other vulnerabilities.
3.3.3-4+deb10u1
Affected by 0 other vulnerabilities.
VCID-n56c-gd3f-1ba1
Aliases:
CVE-2018-1000880
multiple issues
3.2.2-2+deb9u2
Affected by 6 other vulnerabilities.
3.3.3-4+deb10u1
Affected by 0 other vulnerabilities.
VCID-pusd-k7nk-tbfc
Aliases:
CVE-2015-8924
The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.
3.1.2-11+deb8u3~bpo70+1
Affected by 7 other vulnerabilities.
VCID-zydt-8bwa-37bw
Aliases:
CVE-2016-5844
Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.
3.1.2-11+deb8u3~bpo70+1
Affected by 7 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-04T20:48:21.419505+00:00 Debian Oval Importer Affected by VCID-g5gx-6cyn-wkda https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.6.0
2026-06-04T20:47:27.377926+00:00 Debian Oval Importer Affected by VCID-4hvy-whmq-53ft https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.6.0
2026-06-04T20:46:12.645163+00:00 Debian Oval Importer Affected by VCID-hxfa-y27q-ebbd https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.6.0
2026-06-04T20:43:43.983481+00:00 Debian Oval Importer Affected by VCID-pusd-k7nk-tbfc https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.6.0
2026-06-04T20:41:37.196929+00:00 Debian Oval Importer Affected by VCID-zydt-8bwa-37bw https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.6.0
2026-06-04T20:08:51.890683+00:00 Debian Oval Importer Affected by VCID-fj5z-72gm-1yhx https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 38.6.0
2026-06-02T02:31:50.321712+00:00 Debian Oval Importer Affected by VCID-jpyc-ymx3-uuhh https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-02T01:58:40.622708+00:00 Debian Oval Importer Affected by VCID-k2jw-vx9c-1bg3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-02T00:39:24.355801+00:00 Debian Oval Importer Affected by VCID-n56c-gd3f-1ba1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-01T23:15:03.717874+00:00 Debian Oval Importer Affected by VCID-4t89-41bc-3ba8 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-01T23:14:51.337226+00:00 Debian Oval Importer Affected by VCID-gue4-gwmq-cud9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-01T22:55:58.728803+00:00 Debian Oval Importer Affected by VCID-gu6c-aam9-9bfs https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0
2026-06-01T21:55:33.704219+00:00 Debian Oval Importer Affected by VCID-n56c-gd3f-1ba1 https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 38.6.0
2026-06-01T21:53:03.354482+00:00 Debian Oval Importer Affected by VCID-k2jw-vx9c-1bg3 https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 38.6.0
2026-06-01T21:40:43.650298+00:00 Debian Oval Importer Affected by VCID-gu6c-aam9-9bfs https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 38.6.0