CVE-2025-1632
Publication date 24 February 2025
Last updated 23 April 2025
Ubuntu priority
A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Read the notes from the security team
Why is this CVE low priority?
Crash in a command line tool only
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| libarchive | 25.04 plucky |
Fixed 3.7.7-0ubuntu2.1
|
| 24.10 oracular |
Fixed 3.7.4-1ubuntu0.2
|
|
| 24.04 LTS noble |
Fixed 3.7.2-2ubuntu0.4
|
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
Notes
Patch details
| Package | Patch details |
|---|---|
| libarchive |
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
5.5 · Medium
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-7454-1
- libarchive vulnerabilities
- 23 April 2025