CVE-2025-5918
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-5918
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5918.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-5918
- Published
- 2025-06-09T20:15:27Z
- Modified
- 2025-06-12T16:59:53.003590Z
- Downstream
- Severity
-
- 3.9 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L CVSS Calculator
- Summary
- [none]
- Details
-
A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.
- References
Affected packages
Debian:11 / libarchive
Package
- Name
- libarchive
- Purl
- pkg:deb/debian/libarchive?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:12 / libarchive
Package
- Name
- libarchive
- Purl
- pkg:deb/debian/libarchive?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:13 / libarchive
Package
- Name
- libarchive
- Purl
- pkg:deb/debian/libarchive?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Git / github.com/libarchive/libarchive
Affected ranges
- Type
- GIT
- Repo
- https://github.com/libarchive/libarchive
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v2.*
v2.6.0
v2.6.1
v2.6.2
v2.7.0
v2.7.1
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v3.*
v3.0.0a
v3.0.1b
v3.0.2
v3.0.3
v3.0.4
v3.1.0
v3.1.1
v3.1.2
v3.1.900a
v3.1.901a
v3.2.0
v3.2.1
v3.2.2
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.4.0
v3.4.1
v3.4.2
v3.4.3
v3.5.0
v3.5.1
v3.5.2
v3.6.0
v3.6.1
v3.6.2
v3.7.0
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.7.5