CVE-2025-1632 : A vulnerability was found in libarchive up to 3.7.7. It has been classified as p

A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published 2025-02-24 14:15:12

Updated 2025-03-25 15:41:42

Source VulDB

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2025-1632

Libarchive » Libarchive
Versions up to, including, (<=) 3.7.7
cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2025-1632

EPSS FAQ

0.08%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 21 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2025-1632

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
1.7	LOW	AV:L/AC:L/Au:S/C:N/I:N/A:P	3.1	2.9	VulDB	2025-02-24
Access Vector: Local Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L	1.8	1.4	VulDB	2025-02-24
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: Low
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST	2025-03-25
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L	N/A	N/A	RedHat-CVE-2025-1632	2025-02-25
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: Low
4.8	MEDIUM	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/V...	N/A	N/A	VulDB	2025-02-24
Attack Vector: Local Attack Complexity: Low Attack Requirements: None Privileges Required: Low User Interaction: None Confidentiality (VC): None Integrity (VI): None Availability (VA): Low

CWE ids for CVE-2025-1632

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

Assigned by: cna@vuldb.com (Secondary)
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.
Assigned by:
- cna@vuldb.com (Secondary)
- nvd@nist.gov (Primary)

References for CVE-2025-1632

https://vuldb.com/?id.296619

CVE-2025-1632 libarchive bsdunzip.c list null pointer dereference
Permissions Required;VDB Entry
https://vuldb.com/?submit.496460

Submit #496460: libarchive bsdunzip 3.77 NULL Pointer Dereference
VDB Entry;Exploit;Third Party Advisory
https://vuldb.com/?ctiid.296619

CVE-2025-1632 libarchive bsdunzip.c list null pointer dereference
Permissions Required;VDB Entry
https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc

pocs/bsdunzip-poc at main · Ekkosun/pocs · GitHub
Exploit

Jump to

Vulnerability Details : CVE-2025-1632

Products affected by CVE-2025-1632

Exploit prediction scoring system (EPSS) score for CVE-2025-1632

CVSS scores for CVE-2025-1632

CWE ids for CVE-2025-1632

References for CVE-2025-1632