Vulnerability Details CVE-2025-25724
list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.5%
CVSS Severity
CVSS v3 Score 4.0
References
Products affected by CVE-2025-25724
-
cpe:2.3:a:libarchive:libarchive:-
-
cpe:2.3:a:libarchive:libarchive:2.6.0
-
cpe:2.3:a:libarchive:libarchive:2.6.1
-
cpe:2.3:a:libarchive:libarchive:2.6.2
-
cpe:2.3:a:libarchive:libarchive:2.7.0
-
cpe:2.3:a:libarchive:libarchive:2.7.1
-
cpe:2.3:a:libarchive:libarchive:2.8.0
-
cpe:2.3:a:libarchive:libarchive:2.8.1
-
cpe:2.3:a:libarchive:libarchive:2.8.2
-
cpe:2.3:a:libarchive:libarchive:2.8.3
-
cpe:2.3:a:libarchive:libarchive:2.8.4
-
cpe:2.3:a:libarchive:libarchive:2.8.5
-
cpe:2.3:a:libarchive:libarchive:3.0.0a
-
cpe:2.3:a:libarchive:libarchive:3.0.1b
-
cpe:2.3:a:libarchive:libarchive:3.0.2
-
cpe:2.3:a:libarchive:libarchive:3.0.3
-
cpe:2.3:a:libarchive:libarchive:3.0.4
-
cpe:2.3:a:libarchive:libarchive:3.1.0
-
cpe:2.3:a:libarchive:libarchive:3.1.1
-
cpe:2.3:a:libarchive:libarchive:3.1.2
-
cpe:2.3:a:libarchive:libarchive:3.1.900a
-
cpe:2.3:a:libarchive:libarchive:3.1.901a
-
cpe:2.3:a:libarchive:libarchive:3.2.0
-
cpe:2.3:a:libarchive:libarchive:3.2.1
-
cpe:2.3:a:libarchive:libarchive:3.2.2
-
cpe:2.3:a:libarchive:libarchive:3.3.0
-
cpe:2.3:a:libarchive:libarchive:3.3.1
-
cpe:2.3:a:libarchive:libarchive:3.3.2
-
cpe:2.3:a:libarchive:libarchive:3.3.3
-
cpe:2.3:a:libarchive:libarchive:3.4.0
-
cpe:2.3:a:libarchive:libarchive:3.4.1
-
cpe:2.3:a:libarchive:libarchive:3.4.2
-
cpe:2.3:a:libarchive:libarchive:3.4.3
-
cpe:2.3:a:libarchive:libarchive:3.5.0
-
cpe:2.3:a:libarchive:libarchive:3.5.1
-
cpe:2.3:a:libarchive:libarchive:3.5.2
-
cpe:2.3:a:libarchive:libarchive:3.5.3
-
cpe:2.3:a:libarchive:libarchive:3.6.0
-
cpe:2.3:a:libarchive:libarchive:3.6.1
-
cpe:2.3:a:libarchive:libarchive:3.6.2
-
cpe:2.3:a:libarchive:libarchive:3.7.0
-
cpe:2.3:a:libarchive:libarchive:3.7.1
-
cpe:2.3:a:libarchive:libarchive:3.7.2
-
cpe:2.3:a:libarchive:libarchive:3.7.3
-
cpe:2.3:a:libarchive:libarchive:3.7.4
-
cpe:2.3:a:libarchive:libarchive:3.7.5
-
cpe:2.3:a:libarchive:libarchive:3.7.6
-
cpe:2.3:a:libarchive:libarchive:3.7.7