JLSEC-2025-242 A vulnerability was found in libarchive up to 3.7.7

🗓️ 25 Nov 2025 22:03:17Reported by GoogleType

osv🔗 osv.dev👁 1 Views

Libarchive up to 3.7.7 has null pointer dereference in bsdunzip.c, exploitable on local host.

Reporter	Title	Published	Views	Family All 56
AlpineLinux	CVE-2025-1632	24 Feb 202513:31	–	alpinelinux
AstraLinux	Astra Linux - уязвимость в libarchive	3 May 202623:59	–	astralinux
Tenable Nessus	Azure Linux 3.0 Security Update: libarchive (CVE-2025-1632)	22 Jan 202600:00	–	nessus
Tenable Nessus	NewStart CGSL MAIN 7.02 : libarchive Multiple Vulnerabilities (NS-SA-2025-0118)	25 Jul 202500:00	–	nessus
Tenable Nessus	Photon OS 5.0: Libarchive PHSA-2025-5.0-0487	21 Mar 202500:00	–	nessus
Tenable Nessus	Slackware Linux 15.0 / current libarchive Multiple Vulnerabilities (SSA:2025-079-01)	20 Mar 202500:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libarchive (SUSE-SU-2025:0985-1)	22 Mar 202500:00	–	nessus
Tenable Nessus	TencentOS Server 4: libarchive (TSSA-2025:0223)	16 Jun 202500:00	–	nessus
Tenable Nessus	Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : libarchive vulnerabilities (USN-7454-1)	24 Apr 202500:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2025-1632	26 Aug 202500:00	–	nessus

Source	Link
github	www.github.com/Ekkosun/pocs/blob/main/bsdunzip-poc
github	www.github.com/Ekkosun/pocs/blob/main/bsdunzip-poc
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

20 Apr 2026 17:00Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.13.3 - 5.5

CVSS 21.7

CVSS 44.8

CVSS 33.3

EPSS0.00025

SSVC