ALT-BU-2025-7048-1
Branch c10f2 update bulletin.
Package libarchive updated to version 3.7.9-alt1 for branch c10f2 in task 384126.
Closed vulnerabilities
BDU:2025-05203
Уязвимость файла bsdunzip.c библиотеки Libarchive, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-04-14
CVE-2024-48615
Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at rchive_read_support_format_tar.c:1844:8.
Modified: 2025-03-25
CVE-2025-1632
A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Closed vulnerabilities
Modified: 2025-05-28
CVE-2025-3196
A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. The manipulation of the argument Name leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
- https://github.com/assimp/assimp/issues/6069
- https://github.com/assimp/assimp/issues/6069
- https://github.com/assimp/assimp/issues/6069#issuecomment-2763273425
- https://github.com/assimp/assimp/milestone/11
- VDB-303150 | CTI Indicators (IOB, IOC, IOA)
- VDB-303150 | Open Asset Import Library Assimp Malformed File MD2Loader.cpp InternReadFile stack-based overflow
- Submit #545368 | Open Asset Import Library Assimp 5.4.3 Stack-based Buffer Overflow