CVE-2025-5915

EUVD-2025-17576
A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.6 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Affected Products (NVD)
VendorProductVersion
libarchivelibarchive
𝑥
< 3.8.0
redhatopenshift_container_platform
4.0
redhatenterprise_linux
6.0
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
redhatenterprise_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libarchive
bookworm
3.6.2-1+deb12u4
fixed
bookworm (security)
vulnerable
bullseye
3.4.3-2+deb11u1
fixed
bullseye (security)
3.4.3-2+deb11u4
fixed
forky
3.8.7-1
fixed
sid
3.8.7-1
fixed
trixie
3.7.4-4+deb13u1
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
bsdtar
suse enterprise sap 15 SP4
3.5.1-150400.3.21.1
fixed
suse enterprise sap 15 SP5
3.5.1-150400.3.21.1
fixed
suse enterprise server 15 SP4
3.5.1-150400.3.21.1
fixed
suse enterprise server 15 SP5
3.5.1-150400.3.21.1
fixed
libarchive-devel
suse enterprise desktop 15 SP6
3.7.2-150600.3.17.1
fixed
suse enterprise desktop 15 SP7
3.7.2-150600.3.17.1
fixed
suse enterprise sap 15 SP4
3.5.1-150400.3.21.1
fixed
suse enterprise sap 15 SP5
3.5.1-150400.3.21.1
fixed
suse enterprise sap 15 SP6
3.7.2-150600.3.17.1
fixed
suse enterprise sap 15 SP7
3.7.2-150600.3.17.1
fixed
suse enterprise server 15 SP4
3.5.1-150400.3.21.1
fixed
suse enterprise server 15 SP5
3.5.1-150400.3.21.1
fixed
suse enterprise server 15 SP6
3.7.2-150600.3.17.1
fixed
suse enterprise server 15 SP7
3.7.2-150600.3.17.1
fixed
libarchive13
suse enterprise desktop 15 SP6
3.7.2-150600.3.17.1
fixed
suse enterprise desktop 15 SP7
3.7.2-150600.3.17.1
fixed
suse enterprise sap 15 SP4
3.5.1-150400.3.21.1
fixed
suse enterprise sap 15 SP5
3.5.1-150400.3.21.1
fixed
suse enterprise sap 15 SP6
3.7.2-150600.3.17.1
fixed
suse enterprise sap 15 SP7
3.7.2-150600.3.17.1
fixed
suse enterprise server 15 SP4
3.5.1-150400.3.21.1
fixed
suse enterprise server 15 SP5
3.5.1-150400.3.21.1
fixed
suse enterprise server 15 SP6
3.7.2-150600.3.17.1
fixed
suse enterprise server 15 SP7
3.7.2-150600.3.17.1
fixed
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2025-5915
https://bugzilla.redhat.com/show_bug.cgi?id=2370865
https://github.com/libarchive/libarchive/pull/2599
https://github.com/libarchive/libarchive/releases/tag/v3.8.0