Libarchive

Libarchive

72 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-5914

Medienbericht Exploit
  • EPSS 0.04%
  • Veröffentlicht 09.06.2025 19:53:48
  • Zuletzt bearbeitet 23.09.2025 20:15:33

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free ...

6.6

CVE-2025-5918

  • EPSS 0.02%
  • Veröffentlicht 09.06.2025 19:49:13
  • Zuletzt bearbeitet 15.08.2025 18:35:04

A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences,...

5

CVE-2025-5917

  • EPSS 0.02%
  • Veröffentlicht 09.06.2025 19:49:13
  • Zuletzt bearbeitet 15.08.2025 18:16:42

A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can...

5.6

CVE-2025-5916

  • EPSS 0.02%
  • Veröffentlicht 09.06.2025 19:49:07
  • Zuletzt bearbeitet 15.08.2025 18:12:06

A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a...

6.6

CVE-2025-5915

  • EPSS 0.01%
  • Veröffentlicht 09.06.2025 19:49:02
  • Zuletzt bearbeitet 25.08.2025 02:28:51

A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to r...

7.5

CVE-2024-48615

Exploit
  • EPSS 0.08%
  • Veröffentlicht 28.03.2025 00:00:00
  • Zuletzt bearbeitet 14.04.2025 14:36:30

Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at rchive_read_support_format_tar.c:1844:8.

7.8

CVE-2025-25724

Exploit
  • EPSS 0.02%
  • Veröffentlicht 02.03.2025 02:15:36
  • Zuletzt bearbeitet 17.07.2025 15:56:36

list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the ...

5.5

CVE-2025-1632

Exploit
  • EPSS 0.16%
  • Veröffentlicht 24.02.2025 14:15:11
  • Zuletzt bearbeitet 25.03.2025 15:41:41

A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local ho...

4

CVE-2024-57970

  • EPSS 0.01%
  • Veröffentlicht 16.02.2025 04:15:21
  • Zuletzt bearbeitet 18.02.2025 17:15:19

libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.

7.8

CVE-2024-48958

Exploit
  • EPSS 0.02%
  • Veröffentlicht 10.10.2024 02:15:03
  • Zuletzt bearbeitet 29.09.2025 21:36:20

execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.