CVE-2025-25724

ADVISORY - nist

Summary

list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.

EPSS Score⁠: 0.00013 (0.016)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-252⁠

Unchecked Return Value

ADVISORY - redhat

CWE-252⁠

Unchecked Return Value

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.