CVE-2025-5916

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-5916

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5916.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-5916

Published

2025-06-09T20:15:27Z

Modified

2025-06-10T11:10:31.497111Z

Severity

3.9 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L CVSS Calculator

Summary

[none]

Details

A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.

References

Affected packages

Debian:11 / libarchive

Package

Name: libarchive
Purl: pkg:deb/debian/libarchive?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.4.3-2

3.4.3-2+deb11u1

3.4.3-2+deb11u2

3.5.2-1

3.6.0-1

3.6.2-1

3.7.2-1

3.7.2-1.1~exp1

3.7.2-1.1

3.7.2-2

3.7.2-2.1

3.7.4-1

3.7.4-1.1

3.7.4-2

3.7.4-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libarchive

Package

Name: libarchive
Purl: pkg:deb/debian/libarchive?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.2-1

3.6.2-1+deb12u1

3.6.2-1+deb12u2

3.7.2-1

3.7.2-1.1~exp1

3.7.2-1.1

3.7.2-2

3.7.2-2.1

3.7.4-1

3.7.4-1.1

3.7.4-2

3.7.4-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libarchive

Package

Name: libarchive
Purl: pkg:deb/debian/libarchive?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.2-1

3.7.2-1

3.7.2-1.1~exp1

3.7.2-1.1

3.7.2-2

3.7.2-2.1

3.7.4-1

3.7.4-1.1

3.7.4-2

3.7.4-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/libarchive/libarchive

Affected ranges

Type: GIT
Repo: https://github.com/libarchive/libarchive
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

70ff28fcf04ec129a1d064f96e49aa57fcc90e37

Affected versions

v2.*

v2.6.0

v2.6.1

v2.6.2

v2.7.0

v2.7.1

v2.8.0

v2.8.1

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v3.*

v3.0.0a

v3.0.1b

v3.0.2

v3.0.3

v3.0.4

v3.1.0

v3.1.1

v3.1.2

v3.1.900a

v3.1.901a

v3.2.0

v3.2.1

v3.2.2

v3.3.0

v3.3.1

v3.3.2

v3.3.3

v3.4.0

v3.4.1

v3.4.2

v3.4.3

v3.5.0

v3.5.1

v3.5.2

v3.6.0

v3.6.1

v3.6.2

v3.7.0

v3.7.1

v3.7.2

v3.7.3

v3.7.4

v3.7.5