CVE-2011-1777

Priority
Medium
Description
Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir
functions in archive_read_support_format_iso9660.c in libarchive through
2.8.5 allow remote attackers to cause a denial of service (application
crash) or possibly execute arbitrary code via a crafted ISO9660 image.
References
Bugs
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):released (2.8.0-2ubuntu0.1)
Ubuntu 11.04 (Natty Narwhal):released (2.8.4-1ubuntu0.11.04.1)
Ubuntu 11.10 (Oneiric Ocelot):released (2.8.4-1ubuntu0.11.10.1)
Ubuntu 12.04 LTS (Precise Pangolin):released (2.8.5-3ubuntu1)
Patches:
Upstream:http://code.google.com/p/libarchive/source/detail?r=3158
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:22:04 UTC (commit 5347)