CVE-2025-25724

MEDIUM Year: 2025
CVSS v3 Score
4.0
Medium
Weakness Type
CWE-252
View all →

Vulnerability Description

list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.

Related Vulnerabilities

CVE-2023-23003

MEDIUM
CVSS:4.0(Medium)

In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the hashmap__new return value.

CWE-2522023

CVE-2020-8934

MEDIUM
CVSS:4.3(Medium)

The Site Kit by Google plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 1.8.0 This is due to the lack of capability checks on the admin_enqueue_...

CWE-2522020

CVE-2021-29853

MEDIUM
CVSS:4.3(Medium)

IBM Planning Analytics 2.0 could expose information that could be used to to create attacks by not validating the return values from some methods or functions. IBM X-Force ID: 205529.

CWE-2522021

CVE-2023-3247

MEDIUM
CVSS:4.3(Medium)

In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower rang...

CWE-2522023

CVE-2023-29243

MEDIUM
CVSS:4.4(Medium)

Unchecked return value in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow a priviledged user to potentially enable denial of service via local acc...

CWE-2522023

CVE-2023-3013

MEDIUM
CVSS:4.4(Medium)

Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2.

CWE-2522023