git.ipfire.org Git - thirdparty/libarchive.git/commit
fix CVE-2025-1632 and CVE-2025-25724 (#2532)
author Peter Kästle <peter@piie.net>
Mon, 10 Mar 2025 15:43:04 +0000 (16:43 +0100)
committer GitHub <noreply@github.com>
Mon, 10 Mar 2025 15:43:04 +0000 (08:43 -0700)
commit c9bc934e7e91d302e0feca6e713ccc38d6d01532
tree 11cdac2576a2c47df17e6a6d1fbb7552aabf2778
parent 52e0bfd750cb8ae7b7c7656c35020118efa28427
fix CVE-2025-1632 and CVE-2025-25724 (#2532)

Hi,

please find my approach to fix the CVE-2025-1632 and CVE-2025-25724
vulnerabilities in this PR.
As both error cases did trigger a NULL pointer deref (and triggered
hopefully everywhere a coredump), we can safely replace the actual
information by a predefined invalid string without breaking any
functionality.

---------

Signed-off-by: Peter Kaestle <peter@piie.net>
tar/util.c
unzip/bsdunzip.c