Description

A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.

INFO

Published Date :

2025-06-09T19:49:13.204Z

Last Modified :

2026-02-25T20:20:19.003Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2025-5917 vulnerability.

Vendors Products
Libarchive
  • Libarchive
Redhat
  • Enterprise Linux
  • Openshift
  • Openshift Container Platform
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-5917.

URL Resource
https://access.redhat.com/security/cve/CVE-2025-5917 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2370874 cve-icon cve-icon
https://github.com/libarchive/libarchive/pull/2588 cve-icon cve-icon cve-icon
https://github.com/libarchive/libarchive/releases/tag/v3.8.0 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-5917 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-5917 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact