Python · Cpython · CVE-2025-8194
**Name of the Vulnerable Software and Affected Versions**
CPython versions (affected versions not specified)
**Description**
A defect exists in the CPython “tarfile” module, impacting the “TarFile” extraction and entry enumeration APIs. The tar implementation processes tar archives with negative offsets without error, leading to an infinite loop and deadlock when parsing maliciously crafted tar archives.
**Recommendations**
Include the following patch after importing the “tarfile” module:
```python
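import tarfile


def _block_patched(self, count):
    # Reject negative offsets before the original block-rounding logic runs.
    if count < 0:  # pragma: no cover
        raise tarfile.InvalidHeaderError("invalid offset")
    return _block_patched._orig_block(self, count)


# Keep a reference to the original method, then install the wrapper.
_block_patched._orig_block = tarfile.TarInfo._block
tarfile.TarInfo._block = _block_patched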
```
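The same guard installed idempotently, with a startup check that it is in effect; this is an added example, not part of the original advisory or CPython's own code. The names `apply_offset_guard`, `guard_is_active` and the marker attribute are hypothetical.

```python
import tarfile

# Hypothetical attribute name used to recognise a wrapper installed by this helper.
_MARKER = "_negative_offset_guard"


def apply_offset_guard():
    """Install the negative-offset check once.

    Returns True if the wrapper was installed by this call, False if it was
    already present (for example when the module is imported twice).
    """
    current = tarfile.TarInfo._block
    if getattr(current, _MARKER, False):
        return False  # already wrapped; avoid stacking wrappers

    def _block_patched(self, count):
        if count < 0:
            raise tarfile.InvalidHeaderError("invalid offset")
        return current(self, count)

    setattr(_block_patched, _MARKER, True)
    tarfile.TarInfo._block = _block_patched
    return True


def guard_is_active():
    """Probe TarInfo._block with a negative count; no archive is needed.

    Returns True when negative offsets are rejected, whether by this wrapper
    or by an interpreter that already carries the fix.
    """
    try:
        tarfile.TarInfo()._block(-1)
    except tarfile.InvalidHeaderError:
        return True
    return False


if __name__ == "__main__":
    apply_offset_guard()
    if not guard_is_active():
        raise SystemExit("tarfile negative-offset guard is not active")
    print("tarfile negative-offset guard is active")
```

Calling `guard_is_active()` from a service's startup path or a CI check catches deployments where the patch module was never imported.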