CVE-2017-14166 (retired)

Priority
Description
libarchive 3.3.2 allows remote attackers to cause a denial of service
(xml_data heap-based buffer over-read and application crash) via a crafted
xar archive, related to the mishandling of empty strings in the atol8
function in archive_read_support_format_xar.c.
Package
Upstream: released (3.2.2-3.1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 16.04 LTS (Xenial Xerus): released (3.1.2-11ubuntu0.16.04.4)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (3.2.2-3.1)
Patches:
Upstream: https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71
More Information

Updated: 2019-09-19 16:02:12 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)