CVE-2025-1632

A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published: Feb 24, 2025
Updated: May 4, 2025
CVE: CVE-2025-1632
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-476

Affected Software
References

Software	From	Fixed in
libarchive / libarchive	-	3.7.7.x

https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc
https://vuldb.com/?ctiid.296619
https://vuldb.com/?id.296619
https://vuldb.com/?submit.496460

Vulnerability Database

289,599

CVE-2025-1632