CVE-2025-1632 in libarchiveinfo

Summary

by MITRE • 02/24/2025

A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 06/27/2026

The vulnerability in libarchive version 3.7.7 represents a critical null pointer dereference issue within the bsdunzip.c file that affects the list function. This flaw stems from improper input validation and error handling during archive processing operations, creating a condition where maliciously crafted archive files can trigger unexpected program termination or arbitrary code execution. The vulnerability is particularly concerning because it operates at the core of archive extraction functionality, making it a prime target for attackers seeking to compromise systems through routine file processing activities.

This security defect falls under CWE-476 which specifically addresses null pointer dereference vulnerabilities, where an application attempts to access memory through a pointer that has not been properly initialized or validated. The issue manifests when the list function in bsdunzip.c fails to properly check for null return values from internal operations, leading to a crash when attempting to dereference an uninitialized pointer during archive content enumeration. The vulnerability is classified as local privilege escalation potential since it can be exploited by any user with the ability to process archive files on the target system.

The operational impact of this vulnerability extends beyond simple denial of service scenarios, as it can potentially enable more sophisticated attacks including arbitrary code execution or privilege escalation depending on the execution context of the affected applications. Systems utilizing libarchive for processing untrusted archive files become vulnerable to exploitation, with the attack vector being particularly effective against applications that automatically process user-uploaded archives or perform routine system maintenance tasks involving file extraction. The public disclosure of this exploit increases the risk surface significantly as threat actors can readily leverage existing proof-of-concept code.

The vulnerability's exploitation requires local system access and involves crafting a specially formatted archive file that triggers the null pointer dereference condition during list operations. This attack model aligns with ATT&CK technique T1059 which covers command and scripting interpreter usage, as the vulnerability could be leveraged to execute arbitrary commands through compromised applications that rely on libarchive functionality. The lack of vendor response to early disclosure attempts creates an additional risk factor, as users may not receive timely patches or mitigations while the exploit remains publicly available.

Mitigation strategies should include immediate deployment of patched libarchive versions, implementation of proper input validation for archive processing operations, and network segmentation to limit exposure of systems handling untrusted archive files. Organizations should also consider deploying application whitelisting controls and monitoring for unusual process termination patterns that might indicate exploitation attempts. The vulnerability demonstrates the critical importance of maintaining current security patches and implementing robust software supply chain security practices to prevent exploitation of known vulnerabilities in widely used libraries such as libarchive.

Additional defensive measures include configuring systems to sanitize archive content before processing, utilizing sandboxed environments for archive handling operations, and implementing automated vulnerability scanning tools that can detect the presence of vulnerable libarchive versions. The incident underscores the necessity of maintaining comprehensive vulnerability management programs that track and remediate issues in third-party libraries regardless of vendor response timelines. Organizations should also establish clear communication channels with software vendors to ensure timely disclosure and resolution of security issues, particularly when dealing with critical infrastructure components that rely on open source libraries for core functionality.

Responsible

VulDB

Disclosure

02/24/2025

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00321

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!