PT-2025-9197 · Unknown+9 · Libarchive+9

Ekkosun · Published 2025-03-01 · Updated 2026-04-02 · CVE-2025-25724

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

libarchive versions prior to 3.7.8

Description

The issue is in the list_item_verbose function in tar/util.c, which does not check the return value of strftime. This can lead to a denial of service or other unspecified impact when a crafted TAR archive is read with a verbose value of 2. The problem may occur when the buffer, such as the 100-byte buffer, is too small for custom locales.

Recommendations

For versions prior to 3.7.8, update to version 3.7.8 or later to resolve the issue.
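
The check the description says is missing, as an added example (not libarchive's code or its patch): strftime returns 0 when the output does not fit and leaves the buffer unspecified, so the caller must not read it. The function names, the fallback format and the over-long format string are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define DATE_BUF_LEN 100              /* buffer size named in the advisory */
#define FALLBACK_FMT "%Y-%m-%d %H:%M" /* numeric fields only, short output */

/* Format a timestamp for a verbose listing line (hypothetical helper).
 * Returns 1 if fmt fit, 0 if the fallback was used, -1 on failure.
 * out always holds a NUL-terminated string on return. */
static int format_listing_date(char *out, size_t outlen, const char *fmt, time_t t)
{
    const struct tm *tm;

    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    tm = gmtime(&t);
    if (tm == NULL)
        return -1;
    /* 0 means "did not fit": buffer contents are unspecified, so do not
     * use them; retry with a format whose length is bounded. */
    if (strftime(out, outlen, fmt, tm) != 0)
        return 1;
    if (strftime(out, outlen, FALLBACK_FMT, tm) != 0)
        return 0;
    out[0] = '\0';
    return -1;
}

/* Constructed input: a format that expands past DATE_BUF_LEN, standing in
 * for a locale whose date representation is longer than expected. */
static int demo_overlong(char *out, size_t outlen)
{
    char fmt[160];

    memset(fmt, 'x', 120);
    strcpy(fmt + 120, " %Y");
    return format_listing_date(out, outlen, fmt, (time_t)0);
}

int main(void)
{
    char buf[DATE_BUF_LEN];
    int rc = format_listing_date(buf, sizeof buf, "%b %d %H:%M", (time_t)0);

    printf("rc=%d [%s]\n", rc, buf);
    rc = demo_overlong(buf, sizeof buf);
    printf("rc=%d [%s]\n", rc, buf);
    return 0;
}
```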

Exploit

Fix

DoS

Unchecked Return Value

Buffer Overflow


Weakness Enumeration

Related Identifiers

ALSA-2025:9420
ALSA-2025:9431
AZL-57712
AZL-57720
BDU:2025-05210
CVE-2025-25724
ECHO-FBE0-7DE7-AC8D
INFSA-2025_9431
JLSEC-2025-243
MGASA-2025-0102
OESA-2025-1309
OESA-2025-1310
OESA-2025-1311
OESA-2025-1312
OESA-2025-1313
OPENSUSE-SU-2025:14882-1
OPENSUSE-SU-2025_0985-1
OPENSUSE-SU-2025_0986-1
RHSA-2025:9420
RHSA-2025:9431
RHSA-2025_9431
SUSE-SU-2025:0985-1
SUSE-SU-2025:0986-1
SUSE-SU-2025:20257-1
USN-7454-1
USN-8147-1

Affected Products

Almalinux
Astra Linux
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Libarchive