FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gtar -- invalid headers buffer overflow

Affected packages
gtar < 1.15.1_2

Details

VuXML ID 6107efb9-aae3-11da-aea1-000854d03344
Discovery 2006-02-22
Entry 2006-03-03

GNU tar is vulnerable to a buffer overflow caused by improper bounds checking of the PAX extended headers. By tricking a user into processing a specially crafted tar archive, an attacker could exploit this to execute arbitrary code with the privileges of the user.
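As an added illustration of the bounds checking such a parser needs (this is not GNU tar's code and does not reproduce the flaw in this entry), the sketch below reads POSIX pax extended header records of the form `LEN keyword=value\n` and rejects any record whose declared length disagrees with the input or with the destination buffers. The function name `pax_next` and the sample data are assumptions made for the example.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Parse one "LEN keyword=value\n" record at buf[*off]; LEN is the decimal
 * size of the whole record, including its own digits and the newline.
 * Returns 1 and advances *off, 0 at end of data, -1 if malformed or if a
 * field does not fit its destination. Nothing is copied before all checks. */
int pax_next(const char *buf, size_t buflen, size_t *off,
             char *key, size_t keycap, char *val, size_t valcap)
{
    size_t p = *off, len = 0, digits = 0;
    if (p > buflen) return -1;
    if (p == buflen) return 0;

    /* Length field: cap the digit count so len cannot wrap. */
    while (p < buflen && buf[p] >= '0' && buf[p] <= '9') {
        if (++digits > 9) return -1;
        len = len * 10 + (size_t)(buf[p++] - '0');
    }
    if (digits == 0 || p >= buflen || buf[p] != ' ') return -1;
    p++;
    /* The claimed length must cover "k=\n" and stay inside the input. */
    size_t hdr = p - *off;
    if (len < hdr + 3 || len > buflen - *off) return -1;
    if (buf[*off + len - 1] != '\n') return -1;

    const char *body = buf + p;
    size_t bodylen = len - hdr - 1;            /* without the newline */
    const char *eq = memchr(body, '=', bodylen);
    if (eq == NULL || eq == body) return -1;
    /* Check both fields against the destination sizes before copying. */
    size_t klen = (size_t)(eq - body), vlen = bodylen - klen - 1;
    if (klen >= keycap || vlen >= valcap) return -1;
    memcpy(key, body, klen); key[klen] = '\0';
    memcpy(val, eq + 1, vlen); val[vlen] = '\0';
    *off += len;
    return 1;
}

int main(void)
{
    /* Constructed sample: two well-formed records, 12 bytes each. */
    static const char sample[] = "12 path=abc\n12 uid=1000\n";
    char k[32], v[64];
    size_t off = 0;
    while (pax_next(sample, sizeof sample - 1, &off, k, sizeof k, v, sizeof v) == 1)
        printf("%s -> %s\n", k, v);
    return 0;
}
```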

References

Bugtraq ID 16764
CVE Name CVE-2006-0300