Package        : libarchive
Version        : 3.0.4-3+wheezy6
CVE ID         : CVE-2016-10209 CVE-2016-10349 CVE-2016-10350
Debian Bug     : 859456 861609

Multiple denial of services vulnerabilities have been identified in 
libarchive when manipulating specially crafted archives.


    NULL pointer dereference and application crash in the
    archive_wstring_append_from_mbs() function.


    Heap-based buffer over-read and application crash in the
    archive_le32dec() function.


    Heap-based buffer over-read and application crash in the
    archive_read_format_cab_read_header() function.

For Debian 7 "Wheezy", these problems have been fixed in version

We recommend that you upgrade your libarchive packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at:

Raphaël Hertzog ◈ Debian Developer

Support Debian LTS:
Learn to master Debian: