CVE-2024-37407

CRITICAL Year: 2024
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-125
View all →

Vulnerability Description

Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.

Related Vulnerabilities

CVE-2014-1508

CRITICAL
CVSS:9.1(Critical)

The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive ...

CWE-1252014

CVE-2014-3180

CRITICAL
CVSS:9.1(Critical)

In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting comp...

CWE-1252014

CVE-2016-6520

CRITICAL
CVSS:9.1(Critical)

Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology.

CWE-1252016

CVE-2017-0854

CRITICAL
CVSS:9.1(Critical)

An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63873837.

CWE-1252017

CVE-2017-11147

CRITICAL
CVSS:9.1(Critical)

In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due t...

CWE-1252017

CVE-2017-14122

CRITICAL
CVSS:9.1(Critical)

unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.

CWE-1252017