Several operating system
Both Windows and
The CVE-2019-18408 vulnerability is a use-after-free issue that could be exploited to cause a denial of service condition, and potentially to execute arbitrary code. The vulnerability could be exploited by tricking the victim into opening a specially-crafted malformed archive.
Google researchers discovered the CVE-2019-18408 vulnerability via OSS-Fuzz.
“archive_read_format_rar_read_data in archive_read_support_format_rar
The vulnerability has been already patched with the release of the version 3.4.0.
(SecurityAffairs – libarchive, malware)