{"id":"CVE-2019-9923","details":"pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.","modified":"2026-03-15T22:30:03.615992Z","published":"2019-03-22T08:29:00.247Z","related":["MGASA-2019-0164","SUSE-SU-2019:0926-1","SUSE-SU-2019:14215-1","SUSE-SU-2020:2806-1","SUSE-SU-2022:1548-1","openSUSE-SU-2019:1237-1","openSUSE-SU-2024:11422-1"],"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html"},{"type":"REPORT","url":"http://savannah.gnu.org/bugs/?55369"},{"type":"FIX","url":"https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241"},{"type":"FIX","url":"http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9923.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"1.32"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}