libarchive: Multiple vulnerabilities (CVE-2017-14501, CVE-2017-14502, CVE-2017-14503)
CVE-2017-14501: Out-of-bounds read in parse_file_info
An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.
References:
Patch:
https://github.com/mmatuska/libarchive/commit/13e87dcd9c37b533127cceb9f3e1e5a38d95e784
CVE-2017-14502: Off-by-one error in the read_header function
read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-14502
Patch:
https://github.com/libarchive/libarchive/commit/5562545b5562f6d12a4ef991fae158bf4ccf92b6
CVE-2017-14503: Out-of-bounds read in lha_read_data_none
libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-14503
Patch:
https://github.com/libarchive/libarchive/commit/2c8c83b9731ff822fad6cc8c670ea5519c366a14