CVE-2025-5916
published 2025-06-09CVE-2025-5916: A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive…
medium5.6CVSS 3.1
AVLACLPRLUIRSUCLINAH
A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.
Affected
29 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libarchive | < libarchive 3.6.2-1+deb12u3 (bookworm) | libarchive 3.6.2-1+deb12u3 (bookworm) |
| libarchive | libarchive | < 3.8.0 | 3.8.0 |
| libarchive | libarchive | >= 0 < 3.4.3-2+deb11u3 | 3.4.3-2+deb11u3 |
| libarchive | libarchive | >= 0 < 3.6.2-1+deb12u3 | 3.6.2-1+deb12u3 |
| libarchive | libarchive | >= 0 < 3.7.4-4 | 3.7.4-4 |
| libarchive | libarchive | >= 0 < 3.7.4-4 | 3.7.4-4 |
| libarchive | libarchive | >= 0 < 3.6.0-1ubuntu1.5 | 3.6.0-1ubuntu1.5 |
| libarchive | libarchive | >= 0 < 3.6.0-1ubuntu1.6 | 3.6.0-1ubuntu1.6 |
| libarchive | libarchive | >= 0 < 3.7.2-2ubuntu0.5 | 3.7.2-2ubuntu0.5 |
| libarchive | libarchive | >= 0 < 3.7.2-2ubuntu0.6 | 3.7.2-2ubuntu0.6 |
| libarchive | libarchive | >= 0 < 3.7.7-0ubuntu3.1 | 3.7.7-0ubuntu3.1 |
| libarchive | libarchive | >= 0 < 3.1.2-7ubuntu2.8+esm4 | 3.1.2-7ubuntu2.8+esm4 |
| libarchive | libarchive | >= 0 < 3.1.2-11ubuntu0.16.04.8+esm2 | 3.1.2-11ubuntu0.16.04.8+esm2 |
| libarchive | libarchive | >= 0 < 3.2.2-3.1ubuntu0.7+esm2 | 3.2.2-3.1ubuntu0.7+esm2 |
| libarchive | libarchive | >= 0 < 3.4.0-2ubuntu1.5+esm1 | 3.4.0-2ubuntu1.5+esm1 |
| msrc | azl3_cmake_3.30.3-8_on_azure_linux_3.0 | — | — |
| msrc | azl3_libarchive_3.7.7-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_libarchive_3.7.7-3_on_azure_linux_3.0 | — | — |
| msrc | cbl2_cmake_3.21.4-18_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_cmake_3.21.4-19_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_cmake_3.21.4-20_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_libarchive_3.6.1-6_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_libarchive_3.6.1-7_on_cbl_mariner_2.0 | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvdv3.15.6MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
osv7.8HIGH