INFSA-2025:7510: libarchive security update
Information about definition
Identificator: INFSA-2025:7510
Type: security
Release date: 2025-07-15 19:46:02 UTC
Information about package
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.
Vulnerabilities description
- CVE-2024-57970
A flaw was found in the libarchive library. A specially-crafted tar file may trigger a head-based buffer over-read condition due to incorrect handling of truncation in the middle of a long GNU linkname. This issue can cause an application crash leading to a denial of service.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-57970
|
no information | 4.0 | no information |
Updated packages