CVE-2025-5916
LowCVSS 3.9Exploitation Probability (EPSS)
Low risk5th percentile — higher than 5% of all known CVEs
Summary
An integer overflow vulnerability has been identified in the libarchive library when processing WARC files claiming more than INT64_MAX - 4 content bytes. An attacker can craft a malicious WARC archive to trigger this overflow, leading to unpredictable behavior, memory corruption, or denial of service. This affects libarchive versions prior to 3.8.0.
Risk Assessment
The risk includes unpredictable application behavior, memory corruption, or denial of service (DoS) in systems processing WARC archives with libarchive. This could impact data availability and integrity.
Recommendation
Immediately update libarchive to version 3.8.0 or later. If an update is not possible, avoid processing untrusted WARC files.
Original NVD description (English source)
A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.

