{"id":"CVE-2016-4300","details":"Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.","modified":"2026-05-06T23:52:54.061804Z","published":"2016-09-21T14:25:01.940Z","related":["SUSE-SU-2016:1909-1","openSUSE-SU-2024:10127-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","cpe":"cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"3.2.0"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.0"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.0"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.2"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.0"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.2"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.2"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.0"}]},{"source":"DESCRIPTION","extracted_events":[{"fixed":"3.2.1"}]}]},"references":[{"type":"WEB","url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"},{"type":"WEB","url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-1844.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3657"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/91326"},{"type":"ADVISORY","url":"https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00062&languageid=en-fr"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-03"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348439"},{"type":"FIX","url":"https://github.com/libarchive/libarchive/commit/e79ef306afe332faf22e9b442a2c6b59cb175573"},{"type":"FIX","url":"https://github.com/libarchive/libarchive/issues/718"},{"type":"EVIDENCE","url":"http://blog.talosintel.com/2016/06/the-poisoned-archives.html"},{"type":"EVIDENCE","url":"http://www.talosintel.com/reports/TALOS-2016-0152/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libarchive/libarchive","events":[{"introduced":"0"},{"fixed":"e79ef306afe332faf22e9b442a2c6b59cb175573"}],"database_specific":{"source":"REFERENCES"}}],"versions":["v3.0.0a","v3.0.1b","v3.1.900a","v3.2.0"],"database_specific":{"vanir_signatures":[{"target":{"function":"read_SubStreamsInfo","file":"libarchive/archive_read_support_format_7zip.c"},"signature_version":"v1","digest":{"length":2649,"function_hash":"46239902704382672067472777073698420896"},"source":"https://github.com/libarchive/libarchive/commit/e79ef306afe332faf22e9b442a2c6b59cb175573","signature_type":"Function","deprecated":false,"id":"CVE-2016-4300-15650bc9"},{"target":{"file":"libarchive/archive_read_support_format_7zip.c"},"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["114121825398685049637523548521724163081","158255184811572789911284109468266521732","335493315037050148892950470981890599307","209098857150887945768214746267601235406"]},"source":"https://github.com/libarchive/libarchive/commit/e79ef306afe332faf22e9b442a2c6b59cb175573","signature_type":"Line","deprecated":false,"id":"CVE-2016-4300-dee1363a"}],"vanir_signatures_modified":"2026-05-06T23:52:54Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4300.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}