Libarchive prior to 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.
Debian Bug report logs - #1072855: libarchive: CVE-2024-37407
Package: src:libarchive;
Maintainer for src:libarchive is Peter Pentchev <roam@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 9 Jun 2024 07:09:01 UTC
Severity: important
Tags: security, upstream
Found in version libarchive/3 ...