CVE-2025-5917

Low CVSS: 2.8

A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.

Vendor

Libarchive

Product

Libarchive

CWE

CWE-787

Yayın Tarihi

2025-06-09 20:15:27

Güncelleme

2025-12-12 01:15:46

Source Identifier

secalert@redhat.com

KEV Date Added

Kategoriler

CWE-787 Libarchive LOW Libarchive 2025

Referanslar

https://access.redhat.com/security/cve/CVE-2025-5917 https://bugzilla.redhat.com/show_bug.cgi?id=2370874 https://github.com/libarchive/libarchive/pull/2588 https://github.com/libarchive/libarchive/releases/tag/v3.8.0

Benzer Kayıtlar

Medium

CVE-2025-60753

An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c whe…

Low

CVE-2025-5916

A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be trigge…

Low

CVE-2025-5918

A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped in…

High

CVE-2025-5914

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data…

Medium

CVE-2025-5915

A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the…

High

CVE-2024-48615

Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pa…