Lucene search
K

45 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-15028

A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation cou...

3.9CVSS0.00203EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-42865

A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation cou...

3.9CVSS6.2AI score0.00203EPSS
Exploits0References4
NVD
NVD
added 2026/06/17 2:17 p.m.12 views

CVE-2026-54417

An integer overflow in the mtarnext function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service uncontrolled CPU consumption / infinite loop via a crafted tar archive. mtarnext computes the offset to the next record as rounduph.size, 512 +...

8.7CVSS0.00417EPSS
Exploits0References3
CVE
CVE
added 2026/03/12 5:59 p.m.119 views

CVE-2025-13462

CVE-2025-13462 concerns the Python tarfile module: it would normalize AREGTYPE (\x00) blocks to DIRTYPE even when processing GNU LONGNAME/LONGLINK multiblock members, which could cause a crafted tar archive to be interpreted differently from other implementations. Affected stack/impact are descri...

3.3CVSS5.8AI score0.00164EPSS
Exploits0References9Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.7 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: libarchive (UTSA-2025-986114)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986114 advisory. listitemverbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact...

7.8CVSS5.8AI score0.00337EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-5869

Malicious code in bioql PyPI...

7.8CVSS4.5AI score0.00337EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/07/10 12:0 a.m.4 views

EulerOS 2.0 SP10 : libarchive (EulerOS-SA-2025-1801)

According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : listitemverbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or...

7.8CVSS5.8AI score0.00337EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/07/10 12:0 a.m.5 views

EulerOS 2.0 SP10 : libarchive (EulerOS-SA-2025-1778)

According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : listitemverbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or...

7.8CVSS5.8AI score0.00337EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/06/30 12:0 a.m.4 views

EulerOS 2.0 SP13 : libarchive (EulerOS-SA-2025-1690)

According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : listitemverbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or...

7.8CVSS5.8AI score0.00337EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/06/12 12:0 a.m.5 views

EulerOS 2.0 SP11 : libarchive (EulerOS-SA-2025-1663)

According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : listitemverbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or...

7.8CVSS5.8AI score0.00337EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/06/11 12:0 a.m.7 views

EulerOS 2.0 SP12 : libarchive (EulerOS-SA-2025-1591)

According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : listitemverbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or...

7.8CVSS5.8AI score0.00337EPSS
Exploits1References2
OSV
OSV
added 2025/03/21 1:18 p.m.7 views

OESA-2025-1311 libarchive security update

is an open-source BSD-licensed C programming library that provides streaming access to a variety of different archive formats, including tar, cpio, pax, zip, and ISO9660 images. The distribution also includes bsdtar and bsdcpio, full-featured implementations of tar and cpio that use . Security...

7.8CVSS5.9AI score0.00337EPSS
Exploits2References3
NVD
NVD
added 2025/03/02 2:15 a.m.13 views

CVE-2025-25724

listitemverbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custo...

7.8CVSS0.00337EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/03/02 12:0 a.m.5 views

CVE-2025-25724

listitemverbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custo...

4CVSS4.4AI score0.00337EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2025/02/24 1:20 a.m.4 views

python: cpython: tarfile: ReDos via excessive backtracking while parsing header values

A regular expression denial of service ReDos vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive...

7.5CVSS7.2AI score0.02203EPSS
Exploits2References7
RedHat Linux
RedHat Linux
added 2024/11/05 4:12 a.m.7 views

python: cpython: tarfile: ReDos via excessive backtracking while parsing header values

A regular expression denial of service ReDos vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive...

7.5CVSS7.2AI score0.02203EPSS
Exploits2References7
RedHat Linux
RedHat Linux
added 2024/11/04 6:0 a.m.3 views

python: cpython: tarfile: ReDos via excessive backtracking while parsing header values

A regular expression denial of service ReDos vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive...

7.5CVSS7.2AI score0.02203EPSS
Exploits2References7
RedHat Linux
RedHat Linux
added 2024/10/24 12:33 p.m.6 views

python: cpython: tarfile: ReDos via excessive backtracking while parsing header values

A regular expression denial of service ReDos vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive...

7.5CVSS7.2AI score0.02203EPSS
Exploits2References7
OSV
OSV
added 2024/05/10 11:7 a.m.6 views

OESA-2024-1521 atril security update

Mate-document-viewer is simple document viewer. It can display and print Portable Document Format PDF, PostScript PS, Encapsulated PostScript EPS, DVI, DJVU, epub and XPS files. When supported by the document format, mate-document-viewer allows searching for text, copying text to the clipboard,...

9.6CVSS7.2AI score0.02359EPSS
Exploits2References2
OSV
OSV
added 2024/01/12 9:15 p.m.9 views

DEBIAN-CVE-2023-51698

Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CB...

8.8CVSS7.8AI score0.02359EPSS
Exploits2References1
Rows per page
Query Builder