{"id":"JLSEC-2026-153","details":"An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).","modified":"2026-04-20T17:00:07.311853Z","published":"2026-04-20T16:58:42.289Z","upstream":["CVE-2025-60753"],"database_specific":{"license":"CC-BY-4.0","sources":[{"published":"2025-11-05T16:15:40.430Z","id":"CVE-2025-60753","database_specific":{"status":"Analyzed"},"html_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-60753","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-60753","modified":"2026-02-04T21:19:45.610Z","imported":"2026-04-20T16:47:56.026Z"}]},"references":[{"type":"WEB","url":"https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753"},{"type":"WEB","url":"https://github.com/libarchive/libarchive/issues/2725"}],"affected":[{"package":{"name":"LibArchive_jll","ecosystem":"Julia","purl":"pkg:julia/LibArchive_jll?uuid=1e303b3e-d4db-56ce-88c4-91e52606a1a8"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"3.8.2+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-153.json"}}],"schema_version":"1.7.5"}