Unrated severityNVD Advisory· Published Jun 8, 2024· Updated Mar 14, 2025

CVE-2024-37407

Description

Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Libarchive/Libarchivecpe-rescue2 versions
(expand)+ 1 more
- (no CPE)
- (no CPE)range: <3.7.4
osv-coords8 versions
pkg:apk/chainguard/libarchive pkg:apk/chainguard/libarchive-dev pkg:apk/chainguard/libarchive-doc pkg:apk/chainguard/libarchive-tools pkg:apk/wolfi/libarchive pkg:apk/wolfi/libarchive-dev pkg:apk/wolfi/libarchive-doc pkg:apk/wolfi/libarchive-tools
< 3.7.4-r0+ 7 more
- (no CPE)range: < 3.7.4-r0
- (no CPE)range: < 3.7.4-r0
- (no CPE)range: < 3.7.4-r0
- (no CPE)range: < 3.7.4-r0
- (no CPE)range: < 3.7.4-r0
- (no CPE)range: < 3.7.4-r0
- (no CPE)range: < 3.7.4-r0
- (no CPE)range: < 3.7.4-r0

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000

CVE-2024-37407

Description

AI Insight

Affected products

Patches

Vulnerability mechanics

References

News mentions