libarchive: use-after-free (CVE-2019-18408)
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-18408
Patch:
https://github.com/libarchive/libarchive/commit/b8592ecba2f9e451e1f5cb7ab6dcee8b8e7b3f60
Affected branches:
-
master (6787a7e2) -
3.10-stable -
3.9-stable -
3.8-stable -
3.7-stable
Edited by Kevin Daudt