CVE-2025-5916

EPSS 0.1%
Veröffentlicht 09.06.2025 19:49:07
Zuletzt bearbeitet 12.12.2025 01:15:46
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Libarchive: integer overflow while reading warc files at archive_read_support_format_warc.c

A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

NVD 7 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Libarchive ≫ Libarchive Version < 3.8.0

Redhat ≫ Openshift Container Platform Version4.0

Redhat ≫ Enterprise Linux Version6.0

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Redhat ≫ Enterprise Linux Version10.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.281

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.6	1.3	4.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
secalert@redhat.com	3.9	1.3	2.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://github.com/libarchive/libarchive/releases/tag/v3.8.0

Release Notes

https://access.redhat.com/security/cve/CVE-2025-5916

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2370872

Issue Tracking

https://github.com/libarchive/libarchive/pull/2568

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-5916

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-5916

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-5916

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-5916