VYPR

Libarchive

by Libarchive

CVEs (86)

  • CVE-2015-8925 | Med | Sep 20, 2016
    risk 0.36 | cvss 5.5 | epss 0.02

    The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.

  • CVE-2015-8924 | Med | Sep 20, 2016
    risk 0.36 | cvss 5.5 | epss 0.05

    The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.

  • CVE-2015-8922 | Med | Sep 20, 2016
    risk 0.36 | cvss 5.5 | epss 0.02

    The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.

  • CVE-2015-8920 | Med | Sep 20, 2016
    risk 0.36 | cvss 5.5 | epss 0.02

    The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.

  • CVE-2015-8915 | Med | Sep 20, 2016
    risk 0.36 | cvss 5.5 | epss 0.02

    bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via a crafted cpio file.

  • CVE-2026-4426 | Med | Mar 19, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO…

  • CVE-2024-57970 | Med | Feb 16, 2025
    risk 0.26 | cvss 4.0 | epss 0.00

    libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.

  • CVE-2024-26256 | Apr 9, 2024
    risk 0.03 | cvss | epss 0.88

    Libarchive Remote Code Execution Vulnerability

  • CVE-2007-3641 | Jul 14, 2007
    risk 0.01 | cvss | epss 0.07

    archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary…

  • CVE-2025-60753 | Nov 5, 2025
    risk 0.00 | cvss | epss 0.00

    An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).

  • CVE-2025-5914 | Jun 9, 2025
    risk 0.00 | cvss | epss 0.00

    A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in…

  • CVE-2025-5918 | Jun 9, 2025
    risk 0.00 | cvss | epss 0.00

    A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable…

  • CVE-2025-5917 | Jun 9, 2025
    risk 0.00 | cvss | epss 0.00

    A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory,…

  • CVE-2025-5916 | Jun 9, 2025
    risk 0.00 | cvss | epss 0.00

    A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to…

  • CVE-2025-5915 | Jun 9, 2025
    risk 0.00 | cvss | epss 0.00

    A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated…

  • CVE-2024-48615 | Mar 28, 2025
    risk 0.00 | cvss | epss 0.00

    Null pointer dereference vulnerability in libarchive 3.7.6 and earlier when running the bsdtar program, in function header_pax_extension at archive_read_support_format_tar.c:1844:8.

  • CVE-2025-25724 | Mar 2, 2025
    risk 0.00 | cvss | epss 0.00

    list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be…

  • CVE-2025-1632 | Feb 24, 2025
    risk 0.00 | cvss | epss 0.00

    A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been…

  • CVE-2024-48957 | Oct 10, 2024
    risk 0.00 | cvss | epss 0.00

    execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.

  • CVE-2024-48958 | Oct 10, 2024
    risk 0.00 | cvss | epss 0.01

    execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.