CVE Catalog

CVE-2025-5915

MediumCVSS 6.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

6th percentile - higher than 6% of all known CVEs

Summary

A heap buffer over-read vulnerability has been identified in the libarchive library. The issue occurs when the size of a filter block exceeds the LZSS window, potentially causing the library to read beyond allocated memory, leading to unpredictable behavior, crashes, or disclosure of sensitive information.

Risk Assessment

The risk includes potential denial of service through crashes and exposure of sensitive data from adjacent memory regions, which could lead to data breaches or service disruptions.

Recommendation

Immediately update libarchive to the latest patched version. If an update is not possible, restrict processing of untrusted archives until the fix is applied.

Original NVD description (English source)

A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS