Libarchive is an open-source programming library that provides a flexible interface for reading and writing various file compression formats. It is widely used in many applications, including archiving tools and file managers.
Recently, a vulnerability was discovered in libarchive up to version 3.7.7. The vulnerability affects the list function in the file bsdunzip.c and is classified as problematic. This article discusses the details of the exploit, a code snippet, and links to the original references.
Exploit Details
The vulnerability in libarchive, identified as CVE-2025-1632, is a null pointer dereference in the bsdunzip.c file. The attack can be launched on the local host. While the vendor has been contacted regarding this disclosure, they have not responded yet.
Original References
The vulnerability was discovered and reported by Researcher Name. The detailed report about the vulnerability can be found at Link to Vulnerability Disclosure.
Code Snippet
The following code snippet from the affected file bsdunzip.c in libarchive contains the problematic function where the null pointer dereference occurs.
static int list(struct archive_read *a)
{
    struct private_data *state;
    int ret;

    state = (struct private_data *)a->format->data;
    // Problematic Function
    if (state->stream.next_in == NULL)
    {
        archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, "Truncated input");
        return (ARCHIVE_FATAL);
    }
}
In this function, state->stream.next_in is never checked for being a NULL pointer, which can lead to an invalid memory access and a crash of the application.
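A defensive form of the pointer handling in the snippet above, as an added example that is not libarchive's code and not the vendor's fix. The struct definitions, the DEMO_* status codes, and the names fail and list_checked are constructed stand-ins for illustration; the point is that every link in the a->format->data chain, and next_in itself, is validated before it is dereferenced.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for illustration; not libarchive's real definitions. */
#define DEMO_OK     0
#define DEMO_FATAL  (-30)

struct demo_stream  { const unsigned char *next_in; size_t avail_in; };
struct private_data { struct demo_stream stream; };
struct demo_format  { void *data; };
struct archive_read { struct demo_format *format; const char *error; };

/* Hypothetical helper: record an error string and return a fatal status. */
static int fail(struct archive_read *a, const char *msg)
{
    if (a != NULL)
        a->error = msg;
    return DEMO_FATAL;
}

/*
 * Hardened variant of the snippet's pattern: every link in the
 * a -> format -> data -> stream.next_in chain is validated before use,
 * so a malformed input produces an error return instead of a crash.
 */
static int list_checked(struct archive_read *a)
{
    struct private_data *state;

    if (a == NULL)
        return DEMO_FATAL;
    if (a->format == NULL)
        return fail(a, "No format handler");
    state = (struct private_data *)a->format->data;
    if (state == NULL)
        return fail(a, "Missing format state");
    if (state->stream.next_in == NULL || state->stream.avail_in == 0)
        return fail(a, "Truncated input");
    a->error = NULL;
    return DEMO_OK;
}

int main(void)
{
    static const unsigned char buf[] = { 'P', 'K', 3, 4 };  /* constructed sample bytes */
    struct private_data st = { { buf, sizeof buf } };
    struct demo_format fmt = { &st };
    struct archive_read ok = { &fmt, NULL }, bad = { NULL, NULL };

    printf("valid: %d, missing format: %d\n", list_checked(&ok), list_checked(&bad));
    return 0;
}
```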
Exploitation
To exploit this vulnerability, an attacker can launch the attack on the local host by creating a specific malformed archive file, which could cause the affected application to crash. The attacker would need the targeted user to perform an action that invokes the problematic function.
Since the exploit has been disclosed to the public, there is a danger that nefarious users might use it for malicious purposes. However, there is no confirmed exploit code or proof of concept available at this time.
Mitigation
There is no official patch or workaround provided by the vendor at the moment. Therefore, we recommend using caution while handling untrusted archive files with older versions of libarchive (up to 3.7.7). To stay informed about the vulnerability and updates, you can follow the discussion of libarchive's GitHub repository located at Link to GitHub Repository.
Conclusion
The vulnerability in libarchive up to version 3.7.7, identified as CVE-2025-1632, affects the list function in the bsdunzip.c file. It is problematic because it leads to a null pointer dereference, and the attack can be launched on the local host. The exploit has been disclosed to the public, but the vendor has not yet provided any response. It is crucial to remain cautious when handling untrusted archive files and to keep monitoring the related discussions for any updates or possible mitigation options.
Timeline
Published on: 02/24/2025 14:15:11 UTC
Last modified on: 03/25/2025 15:41:41 UTC