CVE-2025-5917
published 2025-06-09CVE-2025-5917: A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file…
medium5CVSS 3.1
AVLACLPRLUIRSUCNINAH
A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.
Affected
29 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libarchive | < libarchive 3.6.2-1+deb12u3 (bookworm) | libarchive 3.6.2-1+deb12u3 (bookworm) |
| libarchive | libarchive | < 3.8.0 | 3.8.0 |
| libarchive | libarchive | >= 0 < 3.4.3-2+deb11u3 | 3.4.3-2+deb11u3 |
| libarchive | libarchive | >= 0 < 3.6.2-1+deb12u3 | 3.6.2-1+deb12u3 |
| libarchive | libarchive | >= 0 < 3.7.4-4 | 3.7.4-4 |
| libarchive | libarchive | >= 0 < 3.7.4-4 | 3.7.4-4 |
| libarchive | libarchive | >= 0 < 3.6.0-1ubuntu1.5 | 3.6.0-1ubuntu1.5 |
| libarchive | libarchive | >= 0 < 3.6.0-1ubuntu1.6 | 3.6.0-1ubuntu1.6 |
| libarchive | libarchive | >= 0 < 3.7.2-2ubuntu0.5 | 3.7.2-2ubuntu0.5 |
| libarchive | libarchive | >= 0 < 3.7.2-2ubuntu0.6 | 3.7.2-2ubuntu0.6 |
| libarchive | libarchive | >= 0 < 3.7.7-0ubuntu3.1 | 3.7.7-0ubuntu3.1 |
| libarchive | libarchive | >= 0 < 3.1.2-7ubuntu2.8+esm4 | 3.1.2-7ubuntu2.8+esm4 |
| libarchive | libarchive | >= 0 < 3.1.2-11ubuntu0.16.04.8+esm2 | 3.1.2-11ubuntu0.16.04.8+esm2 |
| libarchive | libarchive | >= 0 < 3.2.2-3.1ubuntu0.7+esm2 | 3.2.2-3.1ubuntu0.7+esm2 |
| libarchive | libarchive | >= 0 < 3.4.0-2ubuntu1.5+esm1 | 3.4.0-2ubuntu1.5+esm1 |
| msrc | azl3_cmake_3.30.3-8_on_azure_linux_3.0 | — | — |
| msrc | azl3_libarchive_3.7.7-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_libarchive_3.7.7-3_on_azure_linux_3.0 | — | — |
| msrc | cbl2_cmake_3.21.4-18_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_cmake_3.21.4-19_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_cmake_3.21.4-20_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_libarchive_3.6.1-6_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_libarchive_3.6.1-7_on_cbl_mariner_2.0 | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvdv3.15.0MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
osv7.8HIGH