git.ipfire.org Git - thirdparty/libarchive.git/commit
fix CVE-2025-1632 and CVE-2025-25724 (#2532)
author Peter Kästle <peter@piie.net>
Mon, 10 Mar 2025 15:43:04 +0000 (16:43 +0100)
committer Martin Matuska <martin@matuska.de>
Tue, 11 Mar 2025 09:33:23 +0000 (10:33 +0100)
commit 8ce2aca6c7d6f004f860c6619cb6cc98d51ac69a
tree 43a24a0559f9d3f772d1868e7f75c8ea73a06dc5
parent 50f3f29a7ecdb16b2aff9201390d72583f1e4813

Hi,

please find my approach to fix the CVE-2025-1632 and CVE-2025-25724
vulnerabilities in this PR.
As both error cases did trigger a NULL pointer deref (and triggered
hopefully everywhere a coredump), we can safely replace the actual
information by a predefined invalid string without breaking any
functionality.

---------

Signed-off-by: Peter Kaestle <peter@piie.net>
(cherry picked from commit c9bc934e7e91d302e0feca6e713ccc38d6d01532)
tar/util.c
unzip/bsdunzip.c