CVE-2019-9923
CVE-2019-9923: pax_decode_header in GNU Tar’s sparse.c can dereference a NULL pointer when parsing archives with malformed extended headers, leading to a crash. Affected: GNU Tar prior to 1.32. Impact stated in sources is a NULL pointer dereference (DoS via crash) with CVSS v3.1 base 7.5 (HIGH)....
CVE-2007-4476
CVE-2007-4476 is a buffer overflow in the safer_name_suffix function of GNU tar that results in a "crashing stack". The supplied connected documents corroborate the issue within tar/cpio track records and list it alongside other related CVEs (e.g., CVE-2010-0624); no explicit patch versions or remedia...
CVE-2023-39804
CVE-2023-39804 corresponds to a GNU tar issue where mishandled extension attributes in a PAX archive can crash an application via xheader.c. The connected IBM bulletin maps this CVE to IBM API Connect onPrem v12 (12.1.0.0) and lists remediation by upgrading to v12.1.0.1. The IBM advisory presents...
CVE-2025-45582
CVE-2025-45582 (GNU Tar): GNU Tar up to 1.35 allows file overwrite via a two-step directory traversal attack. An attacker can craft two archives: first to place a ../ symlink to a sensitive directory, second to target a critical file by a relative path beginning with the symlink, causing the ext...