{"id":"JLSEC-2025-234","summary":"libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block ...","details":"libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).","modified":"2026-04-20T17:00:42.869950Z","published":"2025-11-25T22:03:17.636Z","upstream":["CVE-2021-36976"],"database_specific":{"sources":[{"published":"2021-07-20T07:15:07.950Z","modified":"2025-11-03T22:15:49.807Z","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-36976","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36976","id":"CVE-2021-36976","imported":"2025-11-25T21:58:26.858Z"}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"http://seclists.org/fulldisclosure/2022/Mar/27"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2022/Mar/27"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2022/Mar/28"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2022/Mar/28"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2022/Mar/29"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2022/Mar/29"},{"type":"WEB","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32375"},{"type":"WEB","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32375"},{"type":"WEB","url":"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libarchive/OSV-2021-557.yaml"},{"type":"WEB","url":"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libarchive/OSV-2021-557.yaml"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00007.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SE5NJQNM22ZE5Z55LPAGCUHSBQZBKMKC/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SE5NJQNM22ZE5Z55LPAGCUHSBQZBKMKC/"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202208-26"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202208-26"},{"type":"WEB","url":"https://support.apple.com/kb/HT213182"},{"type":"WEB","url":"https://support.apple.com/kb/HT213182"},{"type":"WEB","url":"https://support.apple.com/kb/HT213183"},{"type":"WEB","url":"https://support.apple.com/kb/HT213183"},{"type":"WEB","url":"https://support.apple.com/kb/HT213193"},{"type":"WEB","url":"https://support.apple.com/kb/HT213193"}],"affected":[{"package":{"name":"LibArchive_jll","ecosystem":"Julia","purl":"pkg:julia/LibArchive_jll?uuid=1e303b3e-d4db-56ce-88c4-91e52606a1a8"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"3.7.4+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-234.json"}}],"schema_version":"1.7.5"}