UBUNTU-CVE-2025-5918
- Source
- https://ubuntu.com/security/CVE-2025-5918
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-5918.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-5918
- Upstream
- Downstream
- Related
- Published
- 2025-06-09T20:15:00Z
- Modified
- 2026-04-07T12:01:50.423486Z
- Severity
-
- 3.9 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L CVSS Calculator
- 6.6 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H CVSS Calculator
- Ubuntu - low
- Summary
- [none]
- Details
-
A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.
- References
-
- https://ubuntu.com/security/CVE-2025-5918
- https://www.cve.org/CVERecord?id=CVE-2025-5918
- https://github.com/libarchive/libarchive/pull/2584
- https://access.redhat.com/security/cve/CVE-2025-5918
- https://github.com/libarchive/libarchive/releases/tag/v3.8.0
- https://ubuntu.com/security/notices/USN-8147-1
Affected packages
Ubuntu:22.04:LTS
libarchive
Package
- Name
- libarchive
- Purl
- pkg:deb/ubuntu/libarchive@3.6.0-1ubuntu1.6?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.6.0-1ubuntu1.6
Affected versions
3.*
3.4.3-2
3.4.3-2build1
3.5.2-1
3.5.2-1ubuntu1
3.6.0-1ubuntu1
3.6.0-1ubuntu1.1
3.6.0-1ubuntu1.2
3.6.0-1ubuntu1.3
3.6.0-1ubuntu1.4
3.6.0-1ubuntu1.5
Ecosystem specific
{
"binaries": [
{
"binary_name": "libarchive-dev",
"binary_version": "3.6.0-1ubuntu1.6"
},
{
"binary_name": "libarchive-tools",
"binary_version": "3.6.0-1ubuntu1.6"
},
{
"binary_name": "libarchive13",
"binary_version": "3.6.0-1ubuntu1.6"
}
],
"availability": "No subscription required",
"priority_reason": "Denial of service in a command-line tool"
}Ubuntu:24.04:LTS
libarchive
Package
- Name
- libarchive
- Purl
- pkg:deb/ubuntu/libarchive@3.7.2-2ubuntu0.6?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.7.2-2ubuntu0.6
Affected versions
3.*
3.6.2-1ubuntu1
3.7.2-1ubuntu1
3.7.2-1ubuntu2
3.7.2-1.1ubuntu2
3.7.2-2
3.7.2-2ubuntu0.1
3.7.2-2ubuntu0.2
3.7.2-2ubuntu0.3
3.7.2-2ubuntu0.4
3.7.2-2ubuntu0.5
Ecosystem specific
{
"binaries": [
{
"binary_name": "libarchive-dev",
"binary_version": "3.7.2-2ubuntu0.6"
},
{
"binary_name": "libarchive-tools",
"binary_version": "3.7.2-2ubuntu0.6"
},
{
"binary_name": "libarchive13t64",
"binary_version": "3.7.2-2ubuntu0.6"
}
],
"availability": "No subscription required",
"priority_reason": "Denial of service in a command-line tool"
}Ubuntu:25.10
libarchive
Package
- Name
- libarchive
- Purl
- pkg:deb/ubuntu/libarchive@3.7.7-0ubuntu3.1?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.7.7-0ubuntu3.1
Ecosystem specific
{
"binaries": [
{
"binary_name": "libarchive-dev",
"binary_version": "3.7.7-0ubuntu3.1"
},
{
"binary_name": "libarchive-tools",
"binary_version": "3.7.7-0ubuntu3.1"
},
{
"binary_name": "libarchive13t64",
"binary_version": "3.7.7-0ubuntu3.1"
}
],
"availability": "No subscription required",
"priority_reason": "Denial of service in a command-line tool"
}Ubuntu:Pro:14.04:LTS
libarchive
Package
- Name
- libarchive
- Purl
- pkg:deb/ubuntu/libarchive@3.1.2-7ubuntu2.8+esm4?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.1.2-7ubuntu2.8+esm4
Affected versions
3.*
3.1.2-5ubuntu1
3.1.2-7ubuntu1
3.1.2-7ubuntu2
3.1.2-7ubuntu2.1
3.1.2-7ubuntu2.2
3.1.2-7ubuntu2.3
3.1.2-7ubuntu2.4
3.1.2-7ubuntu2.6
3.1.2-7ubuntu2.7
3.1.2-7ubuntu2.8
3.1.2-7ubuntu2.8+esm1
3.1.2-7ubuntu2.8+esm3
Ecosystem specific
{
"binaries": [
{
"binary_name": "bsdcpio",
"binary_version": "3.1.2-7ubuntu2.8+esm4"
},
{
"binary_name": "bsdtar",
"binary_version": "3.1.2-7ubuntu2.8+esm4"
},
{
"binary_name": "libarchive-dev",
"binary_version": "3.1.2-7ubuntu2.8+esm4"
},
{
"binary_name": "libarchive13",
"binary_version": "3.1.2-7ubuntu2.8+esm4"
}
],
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"priority_reason": "Denial of service in a command-line tool"
}Ubuntu:Pro:16.04:LTS
libarchive
Package
- Name
- libarchive
- Purl
- pkg:deb/ubuntu/libarchive@3.1.2-11ubuntu0.16.04.8+esm2?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.1.2-11ubuntu0.16.04.8+esm2
Affected versions
3.*
3.1.2-11build1
3.1.2-11ubuntu0.16.04.1
3.1.2-11ubuntu0.16.04.2
3.1.2-11ubuntu0.16.04.3
3.1.2-11ubuntu0.16.04.4
3.1.2-11ubuntu0.16.04.5
3.1.2-11ubuntu0.16.04.6
3.1.2-11ubuntu0.16.04.7
3.1.2-11ubuntu0.16.04.8
3.1.2-11ubuntu0.16.04.8+esm1
Ecosystem specific
{
"binaries": [
{
"binary_name": "bsdcpio",
"binary_version": "3.1.2-11ubuntu0.16.04.8+esm2"
},
{
"binary_name": "bsdtar",
"binary_version": "3.1.2-11ubuntu0.16.04.8+esm2"
},
{
"binary_name": "libarchive-dev",
"binary_version": "3.1.2-11ubuntu0.16.04.8+esm2"
},
{
"binary_name": "libarchive13",
"binary_version": "3.1.2-11ubuntu0.16.04.8+esm2"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"priority_reason": "Denial of service in a command-line tool"
}Ubuntu:Pro:18.04:LTS
libarchive
Package
- Name
- libarchive
- Purl
- pkg:deb/ubuntu/libarchive@3.2.2-3.1ubuntu0.7+esm2?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.2.2-3.1ubuntu0.7+esm2
Affected versions
3.*
3.2.2-3.1
3.2.2-3.1ubuntu0.1
3.2.2-3.1ubuntu0.2
3.2.2-3.1ubuntu0.3
3.2.2-3.1ubuntu0.4
3.2.2-3.1ubuntu0.5
3.2.2-3.1ubuntu0.6
3.2.2-3.1ubuntu0.7
3.2.2-3.1ubuntu0.7+esm1
Ecosystem specific
{
"binaries": [
{
"binary_name": "bsdcpio",
"binary_version": "3.2.2-3.1ubuntu0.7+esm2"
},
{
"binary_name": "bsdtar",
"binary_version": "3.2.2-3.1ubuntu0.7+esm2"
},
{
"binary_name": "libarchive-dev",
"binary_version": "3.2.2-3.1ubuntu0.7+esm2"
},
{
"binary_name": "libarchive-tools",
"binary_version": "3.2.2-3.1ubuntu0.7+esm2"
},
{
"binary_name": "libarchive13",
"binary_version": "3.2.2-3.1ubuntu0.7+esm2"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"priority_reason": "Denial of service in a command-line tool"
}Ubuntu:Pro:20.04:LTS
libarchive
Package
- Name
- libarchive
- Purl
- pkg:deb/ubuntu/libarchive@3.4.0-2ubuntu1.5+esm1?arch=source&distro=esm-infra/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.4.0-2ubuntu1.5+esm1
Affected versions
3.*
3.4.0-1
3.4.0-1build1
3.4.0-1ubuntu2
3.4.0-2ubuntu1
3.4.0-2ubuntu1.1
3.4.0-2ubuntu1.2
3.4.0-2ubuntu1.3
3.4.0-2ubuntu1.4
3.4.0-2ubuntu1.5
Ecosystem specific
{
"binaries": [
{
"binary_name": "libarchive-dev",
"binary_version": "3.4.0-2ubuntu1.5+esm1"
},
{
"binary_name": "libarchive-tools",
"binary_version": "3.4.0-2ubuntu1.5+esm1"
},
{
"binary_name": "libarchive13",
"binary_version": "3.4.0-2ubuntu1.5+esm1"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"priority_reason": "Denial of service in a command-line tool"
}