rpm package
opensuse/libarchive&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/libarchive&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-25724 | — | < 3.7.7-3.1 | 3.7.7-3.1 | Mar 2, 2025 | list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be suf | ||
| CVE-2025-1632 | — | < 3.7.7-3.1 | 3.7.7-3.1 | Feb 24, 2025 | A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been discl | ||
| CVE-2024-57970 | Med | 4.0 | < 3.7.7-2.1 | 3.7.7-2.1 | Feb 16, 2025 | libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname. | |
| CVE-2024-20696 | — | < 3.7.6-1.1 | 3.7.6-1.1 | Jan 9, 2024 | Windows libarchive Remote Code Execution Vulnerability |
- CVE-2025-25724Mar 2, 2025affected < 3.7.7-3.1fixed 3.7.7-3.1
list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be suf
- CVE-2025-1632Feb 24, 2025affected < 3.7.7-3.1fixed 3.7.7-3.1
A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been discl
- affected < 3.7.7-2.1fixed 3.7.7-2.1
libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.
- CVE-2024-20696Jan 9, 2024affected < 3.7.6-1.1fixed 3.7.6-1.1
Windows libarchive Remote Code Execution Vulnerability