CVE-2011-1777
libarchive - buffer overflows
EPSS 3.0%
Description
Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image.
How to fix CVE-2011-1777
To remediate CVE-2011-1777, upgrade the affected package to a fixed version below.
- Debian/libarchive—upgrade to 2.8.5-5 or later
- Debian/libarchive—upgrade to 2.8.4-1+squeeze1 or later
Is CVE-2011-1777 being exploited?
Low — EPSS is 3.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.8.5-5
- from 0, < 2.8.4-1+squeeze1