archive_read_support_format_lha.c in libarchive before 3.4.1 does not ensure valid sizes for UTF-16 input, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted LHA archive. Reference: https://github.com/libarchive/libarchive/issues/1284 Upstream commit: https://github.com/libarchive/libarchive/commit/91cf9372e89f7af4582964b15ceb7fc6d1b37471
Created libarchive tracking bugs for this issue: Affects: fedora-all [bug 1812636] Created libarchive3 tracking bugs for this issue: Affects: epel-6 [bug 1812640] Created mingw-libarchive tracking bugs for this issue: Affects: fedora-all [bug 1812637] Created python-libarchive tracking bugs for this issue: Affects: epel-7 [bug 1812641] Created python-libarchive-c tracking bugs for this issue: Affects: epel-7 [bug 1812642] Affects: epel-8 [bug 1812643] Affects: fedora-all [bug 1812638]
Vulnerability introduced in commit https://github.com/libarchive/libarchive/commit/0f1e37b54ae436536fe9522b9cb8380d9be29a03 , which was first introduced in upstream release 3.4.1.
The vulnerability was introduced and fixed in the same version, so there is actually no released version with the vulnerable code.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-20509