CVE-2016-8689 affects libarchive 3.2.1 and can let a remote attacker crash a process that parses a specially crafted 7zip archive. NVD describes the flaw as an out-of-bounds read in read_Header() inside archive_read_support_format_7zip.c, with the impact limited to denial of service. Because the trigger is a malformed archive, the risk is highest for applications and services that accept untrusted archive [truncated]
CVE-2016-8688 is a denial-of-service flaw in libarchive’s mtree support. When the mtree bidder extends read-ahead without tracking line sizes correctly, crafted archive content can trigger an invalid read in detect_form or bid_entry and crash the process. The NVD record rates this as a medium-severity availability issue and lists affected libarchive 3.2.1 deployments, with distribution advisories and an u [truncated]
CVE-2016-8687 is a memory-safety flaw in libarchive that can be triggered when archive-processing code handles a crafted filename containing a non-printable multibyte character. According to the NVD record, the bug can lead to a stack-based buffer overflow and a denial of service. The issue was publicly recorded on 2017-02-15, with patch and advisory references already present in 2016.
CVE-2017-5601 is a high-severity memory-safety issue in libarchive 3.2.2. According to the NVD record, a specially crafted archive can trigger an out-of-bounds read in lha_read_file_header_1(), which can lead to a crash. Because archive handling is often exposed to untrusted inputs, this should be treated as a denial-of-service risk in any product that embeds or depends on the affected libarchive version.