45 matches found
CVE-2026-15028
A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation cou...
EUVD-2026-42865
A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation cou...
CVE-2026-54417
An integer overflow in the mtarnext function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service uncontrolled CPU consumption / infinite loop via a crafted tar archive. mtarnext computes the offset to the next record as rounduph.size, 512 +...
CVE-2025-13462
CVE-2025-13462 concerns the Python tarfile module: it would normalize AREGTYPE (\x00) blocks to DIRTYPE even when processing GNU LONGNAME/LONGLINK multiblock members, which could cause a crafted tar archive to be interpreted differently from other implementations. Affected stack/impact are descri...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: libarchive (UTSA-2025-986114)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986114 advisory. listitemverbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact...
EUVD-2025-5869
Malicious code in bioql PyPI...
EulerOS 2.0 SP10 : libarchive (EulerOS-SA-2025-1801)
According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : listitemverbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or...
EulerOS 2.0 SP10 : libarchive (EulerOS-SA-2025-1778)
According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : listitemverbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or...
EulerOS 2.0 SP13 : libarchive (EulerOS-SA-2025-1690)
According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : listitemverbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or...
EulerOS 2.0 SP11 : libarchive (EulerOS-SA-2025-1663)
According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : listitemverbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or...
EulerOS 2.0 SP12 : libarchive (EulerOS-SA-2025-1591)
According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : listitemverbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or...
OESA-2025-1311 libarchive security update
is an open-source BSD-licensed C programming library that provides streaming access to a variety of different archive formats, including tar, cpio, pax, zip, and ISO9660 images. The distribution also includes bsdtar and bsdcpio, full-featured implementations of tar and cpio that use . Security...
CVE-2025-25724
listitemverbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custo...
CVE-2025-25724
listitemverbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custo...
python: cpython: tarfile: ReDos via excessive backtracking while parsing header values
A regular expression denial of service ReDos vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive...
python: cpython: tarfile: ReDos via excessive backtracking while parsing header values
A regular expression denial of service ReDos vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive...
python: cpython: tarfile: ReDos via excessive backtracking while parsing header values
A regular expression denial of service ReDos vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive...
python: cpython: tarfile: ReDos via excessive backtracking while parsing header values
A regular expression denial of service ReDos vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive...
OESA-2024-1521 atril security update
Mate-document-viewer is simple document viewer. It can display and print Portable Document Format PDF, PostScript PS, Encapsulated PostScript EPS, DVI, DJVU, epub and XPS files. When supported by the document format, mate-document-viewer allows searching for text, copying text to the clipboard,...
DEBIAN-CVE-2023-51698
Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CB...