JLSEC-2025-243

See a problem?
Please try reporting it to the source first.
Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2025/JLSEC-2025-243.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-243.json
JSON Data
https://api.osv.dev/v1/vulns/JLSEC-2025-243
Upstream
  • EUVD-2025-5869
  • GHSA-722w-734r-qg74
Published
2025-11-25T22:03:17.636Z
Modified
2026-04-20T17:16:58.557349339Z
Severity
  • 4.0 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L CVSS Calculator
Summary
list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value,...
Details

listitemverbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.

Database specific 
{
    "license": "CC-BY-4.0",
    "sources": [
        {
            "imported": "2026-04-20T16:47:55.986Z",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25724",
            "modified": "2025-07-17T15:56:36.083Z",
            "id": "CVE-2025-25724",
            "published": "2025-03-02T02:15:36.603Z",
            "database_specific": {
                "status": "Analyzed"
            },
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-25724"
        },
        {
            "html_url": "https://github.com/advisories/GHSA-722w-734r-qg74",
            "modified": "2025-03-02T03:30:37Z",
            "imported": "2026-04-20T16:47:59.472Z",
            "published": "2025-03-02T03:30:31Z",
            "id": "GHSA-722w-734r-qg74",
            "url": "https://api.github.com/advisories/GHSA-722w-734r-qg74"
        },
        {
            "html_url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-5869",
            "modified": "2025-03-04T19:00:41Z",
            "id": "EUVD-2025-5869",
            "published": "2025-03-02T00:00:00Z",
            "imported": "2026-04-20T16:47:57.773Z",
            "url": "https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2025-5869"
        }
    ]
}
References

Affected packages

Julia / LibArchive_jll

Package

Name
LibArchive_jll
Purl
pkg:julia/LibArchive_jll?uuid=1e303b3e-d4db-56ce-88c4-91e52606a1a8

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.7.9+0

Database specific

source 
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-243.json"