Vulnerability Description
Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CAB file, which is not properly handled during the reading of Huffman code data within LZX compressed data.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| FreeBSD | libarchive | 3.0 |
References
- http://code.google.com/p/libarchive/source/detail?r=2842
- https://bugzilla.redhat.com/show_bug.cgi?id=705849
FAQ
What is CVE-2010-4666?
CVE-2010-4666 is a vulnerability with a CVSS score of 7.5 (HIGH). Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CAB file, which is n...
How severe is CVE-2010-4666?
CVE-2010-4666 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2010-4666?
Check the references section above for vendor advisories and patch information. Affected products include: FreeBSD libarchive.