CVE-2025-1632

EUVD-2025-4364
A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list in the file bsdunzip.c. The manipulation leads to a null pointer dereference. The attack can be launched on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 3.3 LOW | LOCAL | LOW | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
EPSS Score
Percentile: 7%
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| libarchive | libarchive | ≤ 3.7.7 (vulnerable) |
openSUSE / SLES Releases
| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| libarchive-devel | suse enterprise desktop 15 SP6 | 3.7.2-150600.3.12.1 | fixed |
| libarchive-devel | suse enterprise desktop 15 SP7 | 3.7.2-150600.3.12.1 | fixed |
| libarchive-devel | suse enterprise sap 15 SP6 | 3.7.2-150600.3.12.1 | fixed |
| libarchive-devel | suse enterprise sap 15 SP7 | 3.7.2-150600.3.12.1 | fixed |
| libarchive-devel | suse enterprise server 15 SP6 | 3.7.2-150600.3.12.1 | fixed |
| libarchive-devel | suse enterprise server 15 SP7 | 3.7.2-150600.3.12.1 | fixed |
| libarchive13 | suse enterprise desktop 15 SP6 | 3.7.2-150600.3.12.1 | fixed |
| libarchive13 | suse enterprise desktop 15 SP7 | 3.7.2-150600.3.12.1 | fixed |
| libarchive13 | suse enterprise sap 15 SP6 | 3.7.2-150600.3.12.1 | fixed |
| libarchive13 | suse enterprise sap 15 SP7 | 3.7.2-150600.3.12.1 | fixed |
| libarchive13 | suse enterprise server 15 SP6 | 3.7.2-150600.3.12.1 | fixed |
| libarchive13 | suse enterprise server 15 SP7 | 3.7.2-150600.3.12.1 | fixed |