An exploitable heap overflow vulnerability exists in the 7zip read_SubStreamsInfo functionality of libarchive. A specially crafted 7zip file can cause a integer overflow resulting in memory corruption that can lead to code execution. An attacker can send a malformed file to trigger this vulnerability. External references: http://www.talosintel.com/reports/TALOS-2016-0152/ Upstream fix: https://github.com/libarchive/libarchive/commit/e79ef306afe332faf22e9b442a2c6b59cb175573
libarchive-2.8 does not include the affected functionality. libarchive-3.1 has a smaller limit for UMAX_ENTRY (1m vs 100m), making exploitation more difficult but not impossible.
Created libarchive tracking bugs for this issue: Affects: fedora-all [bug 1352776]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:1844 https://rhn.redhat.com/errata/RHSA-2016-1844.html