CVE-2025-5918: A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for…

medium6.6CVSS 3.1

AVLACLPRLUIRSUCHINAH

A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.

Affected

29 ranges· showing 25

Vendor	Product	Version range	Fixed in
apple	ios_18.7.3_and_ipados	—	—
apple	ios_26.2_and_ipados	—	—
apple	macos_sequoia	—	—
apple	macos_sonoma	—	—
apple	macos_tahoe	—	—
debian	libarchive	< libarchive 3.4.3-2+deb11u3 (bullseye)	libarchive 3.4.3-2+deb11u3 (bullseye)
libarchive	libarchive	< 3.8.0	3.8.0
libarchive	libarchive	>= 0 < 3.4.3-2+deb11u3	3.4.3-2+deb11u3
libarchive	libarchive	>= 0 < 3.8.4-1	3.8.4-1
libarchive	libarchive	>= 0 < 3.6.0-1ubuntu1.6	3.6.0-1ubuntu1.6
libarchive	libarchive	>= 0 < 3.7.2-2ubuntu0.6	3.7.2-2ubuntu0.6
libarchive	libarchive	>= 0 < 3.7.7-0ubuntu3.1	3.7.7-0ubuntu3.1
libarchive	libarchive	>= 0 < 3.1.2-7ubuntu2.8+esm4	3.1.2-7ubuntu2.8+esm4
libarchive	libarchive	>= 0 < 3.1.2-11ubuntu0.16.04.8+esm2	3.1.2-11ubuntu0.16.04.8+esm2
libarchive	libarchive	>= 0 < 3.2.2-3.1ubuntu0.7+esm2	3.2.2-3.1ubuntu0.7+esm2
libarchive	libarchive	>= 0 < 3.4.0-2ubuntu1.5+esm1	3.4.0-2ubuntu1.5+esm1
msrc	azl3_cmake_3.30.3-8_on_azure_linux_3.0	—	—
msrc	azl3_libarchive_3.7.7-2_on_azure_linux_3.0	—	—
msrc	azl3_libarchive_3.7.7-3_on_azure_linux_3.0	—	—
msrc	cbl2_cmake_3.21.4-18_on_cbl_mariner_2.0	—	—
msrc	cbl2_cmake_3.21.4-19_on_cbl_mariner_2.0	—	—
msrc	cbl2_cmake_3.21.4-20_on_cbl_mariner_2.0	—	—
msrc	cbl2_libarchive_3.6.1-6_on_cbl_mariner_2.0	—	—
msrc	cbl2_libarchive_3.6.1-7_on_cbl_mariner_2.0	—	—
redhat	enterprise_linux	—	—

CVSS provenance

nvdv3.16.6MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

osv6.6MEDIUM