CVE-2015-8922

Published: Sep 20, 2016Modified: May 6, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.

Affected (9)

Products: Libarchive: Libarchive · Novell: Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit · Canonical: Ubuntu Linux · +1 more

Show all products

Libarchive: Libarchive · Novell: Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit · Canonical: Ubuntu Linux · Oracle: Linux

1 product

3 products

Suse Linux Enterprise Desktop

Suse Linux Enterprise Server

Suse Linux Enterprise Software Development Kit

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libarchive Libarchive	Up to 3.1.901a

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Novell Suse Linux Enterprise Desktop	Version 12.0 sp1
Novell Suse Linux Enterprise Server	Version 12.0 sp1
Novell Suse Linux Enterprise Software Development Kit	Version 12.0 sp1

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 15.10
Canonical Ubuntu Linux	Version 16.04

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Linux	Version 7

Related CWEs

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (24)

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-1844.html

Source: cve@mitre.org

http://www.debian.org/security/2016/dsa-3657

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2016/06/17/2

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/06/17/5

Source: cve@mitre.org

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/91312

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-3033-1

Source: cve@mitre.org

Third Party Advisory

https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html

Source: cve@mitre.org

Third Party Advisory

https://github.com/libarchive/libarchive/issues/513

Source: cve@mitre.org

https://security.gentoo.org/glsa/201701-03

Source: cve@mitre.org

https://www.suse.com/security/cve/CVE-2015-8922.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00025.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-1844.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2016/dsa-3657

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2016/06/17/2

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/06/17/5

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/91312

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-3033-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/libarchive/libarchive/issues/513

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201701-03

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.suse.com/security/cve/CVE-2015-8922.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.