CVE-2025-5914

CWE-190Integer OverflowCWE-41511 documents9 sources
Severity
7.8HIGH
EPSS
0.1%
top 69.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Libarchive LibarchiveRedhat Enterprise LinuxRedhat Openshift Container Platform
Timeline
PublishedJun 9
Latest updateApr 2

Description

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

Debianlibarchive< 3.4.3-2+deb11u3+3
Ubuntulibarchive< 3.6.0-1ubuntu1.5+1

Also affects: Enterprise Linux 10.0, 6.0, 7.0, 8.0, 9.0, Openshift Container Platform 4.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
OSV
libarchive vulnerabilities2025-06-26
CVEList
Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c2025-06-09
OSV
CVE-2025-5914: A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function2025-06-09
GHSA
GHSA-7376-x4rm-3v8x: A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function2025-06-09

📋Vendor Advisories

6
Ubuntu
libarchive vulnerabilities2026-04-02
BSD
FreeBSD-SA-25:07.libarchive: Integer overflow in libarchive leading to double free2025-08-08
Ubuntu
libarchive vulnerabilities2025-06-26
Microsoft
Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c2025-06-10
Red Hat
libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c2025-05-20