CVE Catalog

CVE-2025-5916

LowCVSS 3.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

5th percentile — higher than 5% of all known CVEs

Summary

An integer overflow vulnerability has been identified in the libarchive library when processing WARC files claiming more than INT64_MAX - 4 content bytes. An attacker can craft a malicious WARC archive to trigger this overflow, leading to unpredictable behavior, memory corruption, or denial of service. This affects libarchive versions prior to 3.8.0.

Risk Assessment

The risk includes unpredictable application behavior, memory corruption, or denial of service (DoS) in systems processing WARC archives with libarchive. This could impact data availability and integrity.

Recommendation

Immediately update libarchive to version 3.8.0 or later. If an update is not possible, avoid processing untrusted WARC files.

Original NVD description (English source)

A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS