CVE-2025-1632
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-1632
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-1632.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-1632
- Related
- Published
- 2025-02-24T14:15:11Z
- Modified
- 2025-03-26T01:54:37.315905Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- References
Affected packages
Debian:11 / libarchive
Package
- Name
- libarchive
- Purl
- pkg:deb/debian/libarchive?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:12 / libarchive
Package
- Name
- libarchive
- Purl
- pkg:deb/debian/libarchive?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:13 / libarchive
Package
- Name
- libarchive
- Purl
- pkg:deb/debian/libarchive?arch=source
Git / github.com/libarchive/libarchive
Affected ranges
- Type
- GIT
- Repo
- https://github.com/libarchive/libarchive
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
v2.*
v2.6.0
v2.6.1
v2.6.2
v2.7.0
v2.7.1
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v3.*
v3.0.0a
v3.0.1b
v3.0.2
v3.0.3
v3.0.4
v3.1.0
v3.1.1
v3.1.2
v3.1.900a
v3.1.901a
v3.2.0
v3.2.1
v3.2.2
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.4.0
v3.4.1
v3.4.2
v3.4.3
v3.5.0
v3.5.1
v3.5.2
v3.6.0
v3.6.1
v3.6.2
v3.7.0
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.7.5
v3.7.6
v3.7.7