CVE-2025-5914
published 2025-06-09CVE-2025-5914: A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an…
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libarchive | < libarchive 3.6.2-1+deb12u3 (bookworm) | libarchive 3.6.2-1+deb12u3 (bookworm) |
| libarchive | libarchive | < 3.8.0 | 3.8.0 |
| libarchive | libarchive | >= 0 < 3.4.3-2+deb11u3 | 3.4.3-2+deb11u3 |
| libarchive | libarchive | >= 0 < 3.6.2-1+deb12u3 | 3.6.2-1+deb12u3 |
| libarchive | libarchive | >= 0 < 3.7.4-4 | 3.7.4-4 |
| libarchive | libarchive | >= 0 < 3.7.4-4 | 3.7.4-4 |
| libarchive | libarchive | >= 0 < 3.6.0-1ubuntu1.5 | 3.6.0-1ubuntu1.5 |
| libarchive | libarchive | >= 0 < 3.6.0-1ubuntu1.6 | 3.6.0-1ubuntu1.6 |
| libarchive | libarchive | >= 0 < 3.7.2-2ubuntu0.5 | 3.7.2-2ubuntu0.5 |
| libarchive | libarchive | >= 0 < 3.7.2-2ubuntu0.6 | 3.7.2-2ubuntu0.6 |
| libarchive | libarchive | >= 0 < 3.7.7-0ubuntu3.1 | 3.7.7-0ubuntu3.1 |
| libarchive | libarchive | >= 0 < 3.1.2-7ubuntu2.8+esm4 | 3.1.2-7ubuntu2.8+esm4 |
| libarchive | libarchive | >= 0 < 3.1.2-11ubuntu0.16.04.8+esm2 | 3.1.2-11ubuntu0.16.04.8+esm2 |
| libarchive | libarchive | >= 0 < 3.2.2-3.1ubuntu0.7+esm2 | 3.2.2-3.1ubuntu0.7+esm2 |
| libarchive | libarchive | >= 0 < 3.4.0-2ubuntu1.5+esm1 | 3.4.0-2ubuntu1.5+esm1 |
| msrc | azl3_libarchive_3.7.7-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_libarchive_3.7.7-3_on_azure_linux_3.0 | — | — |
| msrc | cbl2_libarchive_3.6.1-6_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_libarchive_3.6.1-7_on_cbl_mariner_2.0 | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | openshift_container_platform | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.8HIGH