PT-2025-45112 · Bsdcpio+6

Published: 2025-08-20 · Updated: 2026-04-20 · CVE-2025-60753

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: libarchive versions prior to 3.8.1
Description: libarchive is a BSD-licensed C library providing streaming access to a variety of archive formats, including tar, cpio, pax, zip and ISO 9660 images; it also ships the bsdtar and bsdcpio command-line tools. A flaw in the apply_substitution() function in tar/subst.c, reached when bsdtar is given specially crafted -s substitution rules, can cause excessive memory allocation and lead to a denial of service through an out-of-memory crash.
Recommendations: Update to libarchive 3.8.1 or later, or install the fixed package issued by your distribution vendor.
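A quick way to act on the recommendation is to compare the installed libarchive version against the fixed release. The POSIX shell script below is an added example, not part of this advisory or of the libarchive project: it parses the banner printed by `bsdtar --version` (the `bsdtar X - libarchive Y ...` format) and compares dotted versions field by field, so that 3.10.0 ranks above 3.8.1 where a plain string comparison would get it wrong. The sample banner embedded in the script is constructed for the example; the function names are the example's own.

```shell
#!/bin/sh
# Added example, not part of the PT-2025-45112 advisory or of libarchive itself.
# Checks whether an installed bsdtar/libarchive reports a version older than
# the fixed release named in the advisory.

FIXED_VERSION="3.8.1"

# Constructed sample of what `bsdtar --version` prints (for offline testing only).
SAMPLE_VERSION_LINE='bsdtar 3.7.4 - libarchive 3.7.4 zlib/1.3.1 liblzma/5.4.5 bz2lib/1.0.8 libzstd/1.5.5'

# version_key VERSION: print MAJOR*1000000 + MINOR*1000 + PATCH as an integer.
# Field-wise numeric conversion avoids the string-compare bug where "3.10.0"
# would sort before "3.8.1". Any suffix after the digits ("-1ubuntu1", "rc1")
# is dropped; missing fields count as 0.
version_key() {
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*$//').0.0   # pad so cut always finds 3 fields
    maj=$(printf '%s' "$v" | cut -d. -f1)
    min=$(printf '%s' "$v" | cut -d. -f2)
    pat=$(printf '%s' "$v" | cut -d. -f3)
    echo $(( ${maj:-0} * 1000000 + ${min:-0} * 1000 + ${pat:-0} ))
}

# version_lt A B: succeed (exit 0) if version A is strictly older than B.
version_lt() {
    [ "$(version_key "$1")" -lt "$(version_key "$2")" ]
}

# libarchive_is_vulnerable VERSION: succeed if VERSION predates the fix.
libarchive_is_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# parse_libarchive_version LINE: extract the libarchive version from a
# `bsdtar --version` banner such as the sample above.
parse_libarchive_version() {
    printf '%s\n' "$1" | sed -n 's/.*libarchive \([0-9][0-9.]*\).*/\1/p'
}

# check_installed_bsdtar: report on the bsdtar found in PATH, if any.
check_installed_bsdtar() {
    if ! command -v bsdtar >/dev/null 2>&1; then
        echo "bsdtar not found in PATH; nothing to check"
        return 0
    fi
    banner=$(bsdtar --version 2>/dev/null | head -n 1)
    ver=$(parse_libarchive_version "$banner")
    if [ -z "$ver" ]; then
        echo "could not parse a libarchive version from: $banner"
        return 0
    fi
    if libarchive_is_vulnerable "$ver"; then
        echo "libarchive $ver < $FIXED_VERSION: affected by CVE-2025-60753 unless the vendor backported the fix"
    else
        echo "libarchive $ver >= $FIXED_VERSION: not affected by CVE-2025-60753"
    fi
}

check_installed_bsdtar
```

The version number is authoritative only for builds from upstream source. Distribution packages (Debian, Ubuntu, Red Hat and others listed below) routinely backport a fix without bumping the upstream version string, so a "vulnerable" verdict from this script on a vendor package must be confirmed against the vendor advisory or the package changelog before raising an incident.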

Exploit · Fix · DoS · Infinite Loop · Resource Exhaustion

Weakness Enumeration

Related Identifiers

AZL-69866
AZL-69893
BDU:2026-00318
CVE-2025-60753
ECHO-332C-D1F1-FB8F
JLSEC-2026-153
OESA-2025-2761
OESA-2025-2762
RHSA-2026:8944
USN-8147-1

Affected Products

Debian
Linux Mint
RED OS
Ubuntu
bsdcpio
bsdtar
libarchive