CVE-2025-5917
LowCVSS 2.8Exploitation Probability (EPSS)
Low risk6th percentile — higher than 6% of all known CVEs
Summary
An off-by-one vulnerability has been identified in the libarchive library when handling file name prefixes and suffixes. This flaw causes a 1-byte write overflow, potentially corrupting adjacent memory and leading to unpredictable program behavior or crashes.
Risk Assessment
This vulnerability could allow an attacker to destabilize the system by crashing applications using libarchive, and under favorable conditions, it may be used as a building block for more sophisticated attacks leading to control compromise.
Recommendation
Immediately update the libarchive library to version 3.8.0 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.

