Add libarchive 3.2.0 for CVE-2016-5844

author: Nguyễn Gia Phong <cnx@loang.net> 2025-02-19 15:47:39 +0900
committer: Nguyễn Gia Phong <cnx@loang.net> 2025-02-19 16:36:13 +0900
commit: 1b05cd6abedba0efdd548a7a648e4d9147ff13f8 (patch)
tree: bb39fb369c82a4fbdb5162400c3fa3e77946ab11 /bugs
parent: 2bc2903833f96d91d5d88c563499d1b49867dd1e (diff)
download: loftix-1b05cd6abedba0efdd548a7a648e4d9147ff13f8.tar.gz
2 files changed, 8 insertions, 0 deletions
diff --git a/bugs/README.md b/bugs/README.md
index 6ae8618..7378d71 100644
--- a/bugs/README.md
+++ b/bugs/README.md
@@ -41,6 +41,13 @@
       guix shell jasper@1.900.19
       imginfo -f cve/2016/9557/signed-int-overflow.jp2
 
+## libarchive
+
+- CVE-2016-5844: [signed integer overflow][libarchive-717]
+
+      guix shell libarchive@3.2.0
+      bsdtar -tf cve/2016/5844/libarchive-signed-int-overflow.iso
+
 ## libjpeg-turbo
 
 - CVE-2017-15232: [null pointer dereference][mozjpeg-268]
@@ -68,6 +75,7 @@
 
 [jasper-22]: https://github.com/jasper-software/jasper/issues/22
 [jasper-67]: https://github.com/jasper-software/jasper/issues/67
+[libarchive-717]: https://github.com/libarchive/libarchive/issues/717
 [mozjpeg-268]: https://github.com/mozilla/mozjpeg/issues/268
 [oss-sec-20161105-3]: https://www.openwall.com/lists/oss-security/2016/11/05/3
 [redhat-955808]: https://bugzilla.redhat.com/show_bug.cgi?id=955808
diff --git a/bugs/cve/2016/5844/libarchive-signed-int-overflow.iso b/bugs/cve/2016/5844/libarchive-signed-int-overflow.iso
new file mode 100644
index 0000000..f262b04
--- /dev/null
+++ b/bugs/cve/2016/5844/libarchive-signed-int-overflow.iso
Binary files differ
author	Nguyễn Gia Phong <cnx@loang.net>	2025-02-19 15:47:39 +0900
committer	Nguyễn Gia Phong <cnx@loang.net>	2025-02-19 16:36:13 +0900
commit	1b05cd6abedba0efdd548a7a648e4d9147ff13f8 (patch)
tree	bb39fb369c82a4fbdb5162400c3fa3e77946ab11 /bugs
parent	2bc2903833f96d91d5d88c563499d1b49867dd1e (diff)
download	loftix-1b05cd6abedba0efdd548a7a648e4d9147ff13f8.tar.gz