CVE-2025-1632

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-1632

CGA ID

CGA-vqg2-49pm-h25g

Severity

Unknown

Description

A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

https://images.chainguard.dev/security/CGA-vqg2-49pm-h25g
https://github.com/advisories/GHSA-cw9m-pj72-3cj5
https://vuldb.com/?ctiid.296619
https://vuldb.com/?id.296619
https://vuldb.com/?submit.496460
https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc
https://security.alpinelinux.org/vuln/CVE-2025-1632
https://security-tracker.debian.org/tracker/CVE-2025-1632

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2025-1632

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources