{"id":"CVE-2024-48958","details":"execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.","modified":"2026-04-16T00:02:43.173791439Z","published":"2024-10-10T02:15:03.057Z","related":["SUSE-SU-2024:3940-1","SUSE-SU-2025:20087-1","SUSE-SU-2025:20257-1"],"references":[{"type":"WEB","url":"http://seclists.org/fulldisclosure/2025/Apr/12"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2025/Apr/13"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2025/Apr/4"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2025/Apr/8"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2025/Apr/11"},{"type":"FIX","url":"https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5"},{"type":"FIX","url":"https://github.com/libarchive/libarchive/pull/2148"},{"type":"EVIDENCE","url":"https://github.com/terrynini/CVE-Reports/tree/main/CVE-2024-48958"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libarchive/libarchive","events":[{"introduced":"9147def1da7ad1bdd47b3559eb1bfeeb0e0f374b"},{"fixed":"12ecf8418ab3595d66cdea1abadcea8b6a9d288b"}],"database_specific":{"versions":[{"introduced":"3.6.0"},{"fixed":"3.7.5"}]}}],"versions":["v3.6.0","v3.6.1","v3.6.2","v3.7.0","v3.7.1","v3.7.2","v3.7.3","v3.7.4"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-48958.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}