INFSA-2025:9420: libarchive security update

Information about definition

Identifier: INFSA-2025:9420

Type: security

Release date: 2025-07-15 19:26:51 UTC

Information about package

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.

Vulnerabilities description

  • CVE-2025-25724

    A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.
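    The defect class described above, as an added C example (not libarchive's code and not the upstream fix): strftime() returns 0 when the expansion does not fit and leaves the buffer contents unspecified, so the caller must test the result before using the buffer. The names format_checked, long_format and sample_tm are hypothetical, and the repeated "%A" format is a constructed stand-in for a locale whose names overflow the 100-byte buffer.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define TS_BUF 100 /* buffer size named in the advisory text */

/* Constructed sample time: 2025-07-15 19:26, a Tuesday. */
static struct tm sample_tm(void)
{
    struct tm tm;
    memset(&tm, 0, sizeof tm);
    tm.tm_year = 125; tm.tm_mon = 6; tm.tm_mday = 15;
    tm.tm_hour = 19;  tm.tm_min = 26; tm.tm_wday = 2;
    return tm;
}

/* Constructed stand-in for a locale with long names: repeat "%A " so the
 * expansion (8 bytes per "Tuesday " in the C locale) exceeds TS_BUF. */
static void long_format(char *fmt, size_t n)
{
    fmt[0] = '\0';
    while (strlen(fmt) + 4 <= n)
        strcat(fmt, "%A ");
}

/* Returns 0 if fmt fit, 1 if the fallback was used, -1 on a zero-size buffer. */
static int format_checked(char *buf, size_t n, const char *fmt,
                          const struct tm *tm)
{
    if (n == 0)
        return -1;
    if (strftime(buf, n, fmt, tm) != 0)
        return 0;
    /* strftime() returned 0: buf is unspecified, so overwrite it. */
    if (strftime(buf, n, "%Y-%m-%d %H:%M", tm) == 0)
        buf[0] = '\0';
    return 1;
}

int main(void)
{
    struct tm tm = sample_tm();
    char fmt[128], buf[TS_BUF];
    long_format(fmt, sizeof fmt);
    printf("unchecked strftime returned %zu\n", strftime(buf, sizeof buf, fmt, &tm));
    printf("checked -> %d, \"%s\"\n", format_checked(buf, sizeof buf, fmt, &tm), buf);
    return 0;
}
```

    A return of 0 can also mean a legitimately empty expansion, so the fallback path treats both cases the same way and always leaves a NUL-terminated string in the buffer.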

Severity level

Score CVSS 2.0: no information
Score CVSS 3.x: 4.0
Score CVSS 4.0: no information
Critical, important, moderate, low

Updated packages