CVE-2015-2782

Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html	Third Party Advisory
http://www.debian.org/security/2015/dsa-3213	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:201	Technical Description
http://www.openwall.com/lists/oss-security/2015/03/28/5	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/03/29/1	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/73413
https://security.gentoo.org/glsa/201612-15
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html	Third Party Advisory
http://www.debian.org/security/2015/dsa-3213	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:201	Technical Description
http://www.openwall.com/lists/oss-security/2015/03/28/5	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/03/29/1	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/73413
https://security.gentoo.org/glsa/201612-15

Configurations

Configuration 1 (hide)

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:20:::::::*
	cpe:2.3:o:fedoraproject:fedora:21:::::::*
	cpe:2.3:o:fedoraproject:fedora:22:::::::*

Configuration 3 (hide)

cpe:2.3:a:arj_software:arj_archiver:3.10.22:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-04-08 18:59

Updated : 2025-04-12 10:46

NVD link : CVE-2015-2782

Mitre link : CVE-2015-2782

CVE.ORG link : CVE-2015-2782

JSON object : View

Products Affected

arj_software

arj_archiver

debian

debian_linux

fedoraproject

fedora

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

7.5 /10