CVE Tools

libarchive

OSS Librariesoss-project

51

Cumulative CVEs

10

Monthly snapshots

#11

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting libarchive.

CVE-2026-5745Libarchive: a null pointer dereference vulnerability exists in the acl parser of libarchive5.5Apr 7, 2026
CVE-2026-5121Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing7.5Mar 30, 2026
CVE-2026-4426Libarchive: libarchive: denial of service via malformed iso file processing6.5Mar 19, 2026
CVE-2026-4424Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing7.5Mar 19, 2026
CVE-2025-60753An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory a...5.5Nov 5, 2025
CVE-2025-5914Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c7.8Jun 9, 2025
CVE-2025-5918Libarchive: reading past eof may be triggered for piped file streams3.9Jun 9, 2025
CVE-2025-5917Libarchive: off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c2.8Jun 9, 2025
CVE-2025-5916Libarchive: integer overflow while reading warc files at archive_read_support_format_warc.c3.9Jun 9, 2025
CVE-2025-5915Libarchive: heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c6.6Jun 9, 2025
CVE-2024-48615Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at rchive_read_support_format_tar.c:1844:8.7.5Mar 28, 2025
CVE-2025-25724list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that...4.0Mar 2, 2025
CVE-2025-1632libarchive bsdunzip.c list null pointer dereference3.3Feb 24, 2025
CVE-2024-57970libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long...4.0Feb 16, 2025
CVE-2024-48958execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.7.8Oct 10, 2024