Tim Kientzle

7 exploits Active since Sep 2013
CVE-2016-6250 WRITEUP HIGH WRITEUP
libarchive <3.2.1 - Buffer Overflow
Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.
CVSS 8.6
CVE-2013-0211 WRITEUP WRITEUP
libarchive < 3.1.2 - Denial of Service via Integer Signedness Error in archive_write_zip_data
Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow.
CVE-2016-8687 WRITEUP HIGH WRITEUP
libarchive 3.2.1 - Denial of Service via Crafted Non-Printable Multibyte Character in Filename
Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.
CVSS 7.5
CVE-2016-8688 WRITEUP MEDIUM WRITEUP
libarchive 3.2.1 - Out-of-bounds Read in mtree bidder
The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.
CVSS 5.5
CVE-2016-8689 WRITEUP HIGH WRITEUP
libarchive 3.2.1 - Denial of Service via Multiple EmptyStream Attributes in 7zip Archive
The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.
CVSS 7.5
CVE-2022-36227 WRITEUP CRITICAL WRITEUP
libarchive <3.6.2 - Memory Corruption
In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."
CVSS 9.8
CVE-2025-25724 WRITEUP MEDIUM WRITEUP
libarchive < 3.7.7 - Denial of Service via Crafted TAR Archive with Verbose Mode
list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.
CVSS 4.0