CVE-2024-48957

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Oct 10, 2024
Updated: Oct 11, 2024
CWE ID 125

Summary

CVE-2024-48957 is a vulnerability in libarchive versions prior to 3.7.5, specifically in the execute_filter_audio function within archive_read_support_format_rar.c, which allows for out-of-bounds access through crafted archive files. The affected products include a variety of software and libraries that utilize libarchive, posing a high risk due to potential integrity and confidentiality impacts. Remediation involves updating to libarchive version 3.7.5 or later, as detailed in the patches available on GitHub. The vulnerability requires local user interaction for exploitation and has an exploitability score of 1.8, indicating that while it is not trivial to exploit, it remains a significant security concern for organizations using the affected products. If successfully exploited, it could lead to severe consequences, including unauthorized data access or system instability.
