Libarchive Security Vulnerabilities and Issues — Libarchive CVE List

Lucene search

LibarchiveLibarchive

9 matches found

CVE•added 2025/02/24 2:15 p.m.•237 views

CVE-2025-1632

A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public ...

5.5CVSS6.6AI score0.00136EPSS

CVE•added 2025/03/02 2:15 a.m.•232 views

CVE-2025-25724

list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custo...

7.8CVSS7.2AI score0.00016EPSS

Web

CVE•added 2025/02/16 4:15 a.m.•211 views

CVE-2024-57970

libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.

4CVSS7.1AI score0.00012EPSS

CVE•added 2025/06/09 8:15 p.m.•77 views

CVE-2025-5914

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, en...

9.8CVSS8.1AI score0.00034EPSS

CVE•added 2025/06/09 8:15 p.m.•70 views

CVE-2025-5917

A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictabl...

5CVSS7.3AI score0.00015EPSS

CVE•added 2025/03/28 3:15 p.m.•68 views

CVE-2024-48615

Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at rchive_read_support_format_tar.c:1844:8.

7.5CVSS7.2AI score0.0007EPSS

CVE•added 2025/06/09 8:15 p.m.•63 views

CVE-2025-5915

A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can...

6.6CVSS6.7AI score0.00014EPSS

CVE•added 2025/06/09 8:15 p.m.•62 views

CVE-2025-5916

A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, ...

5.6CVSS7.2AI score0.00017EPSS

CVE•added 2025/06/09 8:15 p.m.•49 views

CVE-2025-5918

A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory...

6.6CVSS6.9AI score0.00018EPSS