
TAR file module misinterprets certain archive types

CVE-2025-13462
Summary

A TAR file parser may misread specially crafted archives, leading to potential data loss or corruption. This issue affects systems using the Python TAR file module. Update the module to the latest version to ensure accurate parsing of TAR archives.

Original title
The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result...
Original description
The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.
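The pattern in the description can be looked for at the raw header level before an archive is handed to any extractor. The following is an added example, not code from this page or from CPython: a heuristic scanner that walks the 512-byte headers and reports any `\x00`-typed header whose own name field ends in "/" and that directly follows a GNU long-name or long-link record. The function names and the two sample archives are constructed for illustration.

```python
import tarfile

BLOCK = 512
GNU_MULTIBLOCK = (tarfile.GNUTYPE_LONGNAME, tarfile.GNUTYPE_LONGLINK)  # b"L", b"K"

def octal(field):
    """Decode a NUL/space-padded octal header field (base-256 sizes not handled)."""
    text = field.strip(b"\0 ").decode("ascii")
    return int(text, 8) if text else 0

def find_ambiguous_members(data):
    """Return (offset, header_name) for each \\x00-typed header whose own name
    field ends in "/" and that directly follows a GNU L or K record."""
    findings, offset, pending = [], 0, False
    while offset + BLOCK <= len(data):
        header = data[offset:offset + BLOCK]
        if header == b"\0" * BLOCK:          # end-of-archive marker
            break
        name = header[0:100].split(b"\0", 1)[0]
        typeflag = header[156:157]
        size = octal(header[124:136])
        if typeflag in GNU_MULTIBLOCK:
            pending = True                   # next header completes this member
        else:
            if pending and typeflag == tarfile.AREGTYPE and name.endswith(b"/"):
                findings.append((offset, name.decode("utf-8", "replace")))
            pending = False
        # Simplification: the size field is taken as payload length for every type.
        offset += BLOCK + -(-size // BLOCK) * BLOCK
    return findings

def make_header(name, typeflag, size=0):
    """Build a constructed header block (sample data, not from a real archive)."""
    h = bytearray(BLOCK)
    h[0:len(name)] = name
    h[100:108] = b"0000644\0"
    h[124:136] = b"%011o\0" % size
    h[148:156] = b" " * 8                    # checksum is computed over spaces
    h[156:157] = typeflag
    h[148:156] = b"%06o\0 " % sum(h)
    return bytes(h)

LONG = b"dir/" + b"a" * 120 + b".txt\0"       # constructed long name, 129 bytes
SAMPLE_FLAGGED = (make_header(b"././@LongLink", b"L", len(LONG))
                  + LONG.ljust(BLOCK, b"\0")
                  + make_header(b"dir/", b"\0") + b"\0" * 2 * BLOCK)
SAMPLE_CLEAN = (make_header(b"dir/", b"\0") + make_header(b"file.txt", b"0")
                + b"\0" * 2 * BLOCK)
```

A plain `\x00`-typed "dir/" entry with no preceding long-name record is not reported, since that is the ordinary case the normalization was written for.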
NVD CVSS 4.0: 2.0
Vulnerability type
CWE-20 Improper Input Validation
CWE-74 Injection
CWE-434 Unrestricted File Upload
Published: 12 Mar 2026 · Updated: 14 Mar 2026 · First seen: 12 Mar 2026