Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-5915

A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.

Published

2025-06-09T20:15:26.317

Last Modified

2025-08-25T02:28:51.487

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 3.9 (LOW)

Weaknesses

Type: Secondary
CWE-122

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	libarchive	libarchive	< 3.8.0	Yes
Application	redhat	openshift_container_platform	4.0	Yes
Operating System	redhat	enterprise_linux	6.0	Yes
Operating System	redhat	enterprise_linux	7.0	Yes
Operating System	redhat	enterprise_linux	8.0	Yes
Operating System	redhat	enterprise_linux	9.0	Yes
Operating System	redhat	enterprise_linux	10.0	Yes

References

https://access.redhat.com/security/cve/CVE-2025-5915 Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2370865 Issue Tracking ([email protected])
https://github.com/libarchive/libarchive/pull/2599 Patch ([email protected])
https://github.com/libarchive/libarchive/releases/tag/v3.8.0 Release Notes ([email protected])