CVE-2025-5918

CWE-125 — Out-of-bounds Read13 documents9 sources

Severity

6.6MEDIUM

EPSS

0.1%

top 70.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libarchive Libarchive Redhat Enterprise Linux Redhat Openshift Container Platform

Timeline

PublishedJun 9

Latest updateApr 2

Description

A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:LExploitability: 1.3 | Impact: 2.5

Affected Packages2 packages

▶NVDlibarchive/libarchive< 3.8.0

▶Debianlibarchive< 3.4.3-2+deb11u3+1

Also affects: Enterprise Linux 6.0, 7.0, 8.0, 9.0, Openshift Container Platform 4.0

Patches

Patch: github.com ↗

🔴Vulnerability Details

CVEList

Libarchive: reading past eof may be triggered for piped file streams↗2025-06-09

▶

OSV

CVE-2025-5918: A vulnerability has been identified in the libarchive library↗2025-06-09

▶

GHSA

GHSA-3hqh-8h99-q2cf: A vulnerability has been identified in the libarchive library↗2025-06-09

▶

📋Vendor Advisories

Ubuntu

libarchive vulnerabilities↗2026-04-02

▶

Apple

CVE-2025-5918: macOS Tahoe 26.2↗2025-12-12

▶

Apple

CVE-2025-5918: iOS 18.7.3 and iPadOS 18.7.3↗2025-12-12

▶

Apple

CVE-2025-5918: macOS Sonoma 14.8.3↗2025-12-12

▶

Apple

CVE-2025-5918: macOS Sequoia 15.7.3↗2025-12-12

▶