libarchive: Multiple vulnerabilities (CVE-2019-19221, 2020-9308)
CVE-2019-19221: out-of-bounds read in archive_wstring_append_from_mbs in archive_string.c
A vulnerability was found in Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.
CVE-2020-9308: attempts to unpack a RAR5 file with an invalid or corrupted header leads to a SIGSEGV
archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact.
- master (98a20682)