CVE-2025-5916

CWE-190Integer Overflow11 documents9 sources
Severity
5.6MEDIUM
EPSS
0.1%
top 72.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Libarchive LibarchiveRedhat Enterprise LinuxRedhat Openshift Container Platform
Timeline
PublishedJun 9
Latest updateApr 2

Description

A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive v

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:LExploitability: 1.3 | Impact: 2.5

Affected Packages2 packages

Debianlibarchive< 3.4.3-2+deb11u3+3

Also affects: Enterprise Linux 10.0, 6.0, 7.0, 8.0, 9.0, Openshift Container Platform 4.0

Patches

Patch: github.com

🔴Vulnerability Details

4
OSV
libarchive vulnerabilities2025-06-26
GHSA
GHSA-fg6q-2hc3-4h9c: A vulnerability has been identified in the libarchive library2025-06-09
OSV
CVE-2025-5916: A vulnerability has been identified in the libarchive library2025-06-09
CVEList
Libarchive: integer overflow while reading warc files at archive_read_support_format_warc.c2025-06-09

💥Exploits & PoCs

1
Exploit-DB
ABB Cylon Aspect 3.08.02 - PHP Session Fixation2025-04-11

📋Vendor Advisories

5
Ubuntu
libarchive vulnerabilities2026-04-02
Ubuntu
libarchive vulnerabilities2025-06-26
Microsoft
Libarchive: integer overflow while reading warc files at archive_read_support_format_warc.c2025-06-10
Red Hat
libarchive: Integer overflow while reading warc files at archive_read_support_format_warc.c2025-05-20
Debian
CVE-2025-5916: libarchive - A vulnerability has been identified in the libarchive library. This flaw involve...2025