Libarchive
Sign in to watchby Libarchive
Source repositories
CVEs (23)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-25724 | 0.00 | — | 0.00 | Mar 2, 2025 | list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale. | ||
| CVE-2015-2304 | 0.00 | — | 0.03 | Mar 15, 2015 | Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive. | ||
| CVE-2013-0211 | 0.00 | — | 0.01 | Sep 30, 2013 | Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow. |
Page 2 of 2