Msrc Azl3 Libarchive 3.7.7-2 On Azure Linux 3.0 vulnerabilities

CVE-2025-5916 [LOW] CWE-190 Libarchive: integer overflow while reading warc files at archive_read_support_format_warc.c Libarchive: integer overflow while reading warc files at archive_read_support_format_warc.c FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most rec

CVE-2025-5917 [LOW] CWE-787 Libarchive: off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c Libarchive: off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recen

CVE-2025-5915 [MEDIUM] CWE-122 Libarchive: heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c Libarchive: heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date wi

CVE-2025-5914 [HIGH] CWE-415 Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date

CVE-2025-5918 [LOW] CWE-125 Libarchive: reading past eof may be triggered for piped file streams Libarchive: reading past eof may be triggered for piped file streams FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc

CVE-2025-25724 [MEDIUM] CWE-252 list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer m

CVE-2024-57970 [MEDIUM] CWE-126 libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long li libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname. FAQ: Is Azure Linux the only Microsoft product that includ

CVE-2025-1632 [MEDIUM] CWE-476 libarchive bsdunzip.c list null pointer dereference libarchive bsdunzip.c list null pointer dereference FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the dist