CVE-2024-48958

Description

execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.

CVSS 3.1 Score

Weakness

• CWE-125

References

• Apple Security Advisory
• NVD Entry
• https://github.com/libarchive/libarchive/compare/v3.7.4…v3.7.5 (Patch)
• https://github.com/libarchive/libarchive/pull/2148 (Patch)
• https://github.com/terrynini/CVE-Reports/tree/main/CVE-2024-48958 (Exploit, Third Party Advisory)
• http://seclists.org/fulldisclosure/2025/Apr/11
• http://seclists.org/fulldisclosure/2025/Apr/12
• http://seclists.org/fulldisclosure/2025/Apr/13
• http://seclists.org/fulldisclosure/2025/Apr/4
• http://seclists.org/fulldisclosure/2025/Apr/8