-
Security Vulnerability
-
Resolution: Fixed
-
Normal
-
None
-
None
app-arch/libarchive-3.5.1 has medium severity vulnerability
libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).
more info: https://nvd.nist.gov/vuln/detail/CVE-2021-36976
example packages that depend on app-arch/libarchive
$ equery depends libarchive <REDACTED> dev-libs/appstream-glib-0.7.14 (app-arch/libarchive) dev-util/cmake-3.19.7 (>=app-arch/libarchive-3.3.3) gnome-base/gvfs-1.44.1 (archive ? app-arch/libarchive) media-video/vlc-3.0.16 (archive ? app-arch/libarchive) net-fs/samba-4.13.4-r1 (>=app-arch/libarchive-3.1.2)