← Back

CVE-2025-5916

nvd nist
Published: Jun 9, 2025Modified: Dec 12, 2025

JSON object

Loading...
5.6
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
Exploitability: 1.3 / Impact: 4.2
Source: NVD

Description

A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.

Affected (7)

Libarchive
1 product
Libarchive
Redhat
2 products
Enterprise Linux
Openshift Container Platform
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Libarchive
Before 3.8.0
Configuration B
6 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Enterprise Linux
Version 10.0
Enterprise Linux
Version 6.0
Enterprise Linux
Version 7.0
Enterprise Linux
Version 8.0
Enterprise Linux
Version 9.0
Openshift Container Platform
Version 4.0

Related CWEs

CWE-190
Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (4)

Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Issue Tracking
Source: secalert@redhat.com
Patch
Source: secalert@redhat.com
Release Notes

Timeline

No history available yet.