Security vulnerabilities in the popular open source compression toolkit Libarchive affect countless of other projects that include the library.
The flaw was discovered by experts from the Cisco Talos team that supported the Libarchive development team to solve the issues.
The library was created in 2004 for the FreeBSD project, but it is currently adopted by various file compression utilities and other popular projects, including Linux Debian.
The experts from Cisco Talos team have detailed the series of security issues that affect the library explaining that it is quite easy to exploit them by using a specially crafted ZIP file.
It is sufficient that a software including the open source compression library opens the malicious compressed archive.
Below the list of flaws in the Libarchive discovered by the Talos group:
It is a heap overflow vulnerability that resides in the 7zip read_SubStreamsInfo functionality of libarchive. An attacker can trigger an integer overflow by using a specially crafted 7zip archive resulting in memory corruption allowing him to execute arbitrary code.
It is an exploitable stack based buffer overflow vulnerability that exists in the mtree parse_device functionality of libarchive. In this case, a specially crafted mtree file can trigger a buffer overflow causing a memory corruption/code execution.
It is a heap overflow vulnerability in the Rar decompression functionality of library. An attacker can trigger it by using a specially crafted Rar file causing a heap corruption. An attacker can send a malformed file to trigger this vulnerability.
Cisco confirmed that all the security vulnerabilities have been already fixed, but there is the risk that a large number of products that rely on Libarchive will take time to include the latest version of the library (v3.2.1).
(Security Affairs – open source compression toolkit, hacking)