CVE-2025-5915

EUVD-2025-17576
A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.6 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Affected Products (NVD)
VendorProductVersion
libarchivelibarchive
𝑥
< 3.8.0
redhatopenshift_container_platform
4.0
redhatenterprise_linux
6.0
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
redhatenterprise_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libarchive
bookworm
3.6.2-1+deb12u4
fixed
bookworm (security)
vulnerable
bullseye
3.4.3-2+deb11u1
fixed
bullseye (security)
3.4.3-2+deb11u4
fixed
forky
3.8.7-1
fixed
sid
3.8.8-1
fixed
trixie
3.7.4-4+deb13u1
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
bsdtar
suse enterprise sap 15 SP4
3.5.1-150400.3.21.1
fixed
suse enterprise sap 15 SP5
3.5.1-150400.3.21.1
fixed
suse enterprise server 15 SP4
3.5.1-150400.3.21.1
fixed
suse enterprise server 15 SP5
3.5.1-150400.3.21.1
fixed
libarchive-devel
suse enterprise desktop 15 SP6
3.7.2-150600.3.17.1
fixed
suse enterprise desktop 15 SP7
3.7.2-150600.3.17.1
fixed
suse enterprise sap 15 SP4
3.5.1-150400.3.21.1
fixed
suse enterprise sap 15 SP5
3.5.1-150400.3.21.1
fixed
suse enterprise sap 15 SP6
3.7.2-150600.3.17.1
fixed
suse enterprise sap 15 SP7
3.7.2-150600.3.17.1
fixed
suse enterprise server 15 SP4
3.5.1-150400.3.21.1
fixed
suse enterprise server 15 SP5
3.5.1-150400.3.21.1
fixed
suse enterprise server 15 SP6
3.7.2-150600.3.17.1
fixed
suse enterprise server 15 SP7
3.7.2-150600.3.17.1
fixed
libarchive13
suse enterprise desktop 15 SP6
3.7.2-150600.3.17.1
fixed
suse enterprise desktop 15 SP7
3.7.2-150600.3.17.1
fixed
suse enterprise sap 15 SP4
3.5.1-150400.3.21.1
fixed
suse enterprise sap 15 SP5
3.5.1-150400.3.21.1
fixed
suse enterprise sap 15 SP6
3.7.2-150600.3.17.1
fixed
suse enterprise sap 15 SP7
3.7.2-150600.3.17.1
fixed
suse enterprise server 15 SP4
3.5.1-150400.3.21.1
fixed
suse enterprise server 15 SP5
3.5.1-150400.3.21.1
fixed
suse enterprise server 15 SP6
3.7.2-150600.3.17.1
fixed
suse enterprise server 15 SP7
3.7.2-150600.3.17.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
bsdcat
Amazon Linux 2023
0:3.7.4-2.amzn2023.0.4
fixed
bsdcat-debuginfo
Amazon Linux 2023
0:3.7.4-2.amzn2023.0.4
fixed
bsdcpio
Amazon Linux 2023
0:3.7.4-2.amzn2023.0.4
fixed
bsdcpio-debuginfo
Amazon Linux 2023
0:3.7.4-2.amzn2023.0.4
fixed
bsdtar
Amazon Linux 2023
0:3.7.4-2.amzn2023.0.4
fixed
bsdtar-debuginfo
Amazon Linux 2023
0:3.7.4-2.amzn2023.0.4
fixed
bsdunzip
Amazon Linux 2023
0:3.7.4-2.amzn2023.0.4
fixed
bsdunzip-debuginfo
Amazon Linux 2023
0:3.7.4-2.amzn2023.0.4
fixed
libarchive
Amazon Linux 2023
0:3.7.4-2.amzn2023.0.4
fixed
libarchive-debuginfo
Amazon Linux 2023
0:3.7.4-2.amzn2023.0.4
fixed
libarchive-debugsource
Amazon Linux 2023
0:3.7.4-2.amzn2023.0.4
fixed
libarchive-devel
Amazon Linux 2023
0:3.7.4-2.amzn2023.0.4
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
libarchive
Azure Linux 3.0
0:3.7.7-3.azl3
fixed
CBL-Mariner 2.0
0:3.6.1-7.cm2
fixed