CVE-2025-13462 – tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling

CVE ID :CVE-2025-13462

Published : March 12, 2026, 5:59 p.m. | 27 minutes ago

Description :The “tarfile” module would still apply normalization of AREGTYPE (x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.

Severity: 2.0 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…