{"id":"AZL-57720","summary":"CVE-2025-25724 affecting package libarchive for versions less than 3.6.1-5","details":"list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.","modified":"2026-04-01T05:19:48.354848Z","published":"2025-03-02T02:15:36Z","upstream":["CVE-2025-25724"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-25724"}],"affected":[{"package":{"name":"libarchive","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/libarchive"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.6.1-5"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-57720.json"}}],"schema_version":"1.7.5"}