CVE-2013-0211

Publication date 25 March 2013

Last updated 24 July 2024


Ubuntu priority

Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.

Status

Package Ubuntu Release Status
libarchive 14.10 utopic
Not affected
14.04 LTS trusty
Not affected
13.10 saucy Ignored end of life
13.04 raring Ignored end of life
12.10 quantal Ignored end of life
12.04 LTS precise
Fixed 3.0.3-6ubuntu1.1
11.10 oneiric Ignored end of life
10.04 LTS lucid Ignored end of life
8.04 LTS hardy Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
libarchive

References

Related Ubuntu Security Notices (USN)

    • USN-2549-1
    • libarchive vulnerabilities
    • 25 March 2015

Other references